Mattermost: >> Mattermost Server >> 10.2.0 Security Vulnerabilities
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-15
Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-01-09
Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-01-09
Page 2