Mattermost server Vulnerabilities

This vulnerability allows an attacker who is already logged into Mattermost to find out the names and URLs of teams they shouldn't have access to by posting links in channels and checking the system's responses. It affects specific versions of Mattermost and highlights a failure to properly check if a user is part of a team before revealing its information.

This vulnerability allows an attacker to steal sensitive information, like password hashes and multi-factor authentication secrets, from other users by manipulating their profile nickname or during email verification events. The attacker must already be logged in as an authenticated user on the affected versions of Mattermost to exploit this weakness.

This vulnerability allows an attacker who is already logged in to bypass single sign-on (SSO) requirements and use a userID-based login instead. It affects specific versions of Mattermost, meaning only users on those versions are at risk.

This vulnerability allows an attacker to start Zoom meetings as any user and change posts in Mattermost by tricking the system into thinking they are someone else. It affects specific versions of Mattermost and requires the attacker to have access to the API, meaning they need to be able to send requests to the server.

This vulnerability allows any logged-in user to change Zoom meeting settings for any channel in Mattermost by sending specially crafted requests. It affects specific versions of Mattermost and the Zoom plugin, meaning that if you're using those versions, an attacker could exploit this flaw without needing special access.

An attacker who has access to the Jira plugin in Mattermost can exploit a flaw to read messages and attachments from private channels they shouldn't have access to by using the ID of a specific post. This vulnerability affects certain versions of Mattermost and requires the attacker to be authenticated in the system.