Mattermost: >> Mattermost Server >> 9.11.17 Security Vulnerabilities
Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-08-21
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-04-16
Page 2