Mattermost Server 10.10.0
Approved changes feed: RSS · Atom
cpe:2.3:a:mattermost:mattermost_server:10.10.0:-:*:*:*:*:*:*
part: a version: 10.10.0 update: -
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Mattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/mattermost/mattermost-server |
purl2cpe | 2026-06-01 10:18:19.859521 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8402 |
vulnerable | 2026-06-03 15:13:43.543894 |
Nil pointer dereference in bulk import crashes server
MEDIUM (4.9)
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.
Published: 2025-08-21T17:01:43.420Z
Updated: 2025-08-21T17:30:38.422Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6465 |
vulnerable | 2026-06-03 15:12:27.661648 |
Path traversal in image upload with preview overwrite
MEDIUM (4.3)
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.
Published: 2025-08-21T17:01:42.866Z
Updated: 2025-08-21T17:30:45.951Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49222 |
vulnerable | 2026-06-03 15:01:44.286432 |
Mattermost Shared Channel Upload Type Validation Bypass
MEDIUM (6.8)
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in arbitrary filesystem directories.
Published: 2025-08-21T07:59:45.057Z
Updated: 2025-08-21T13:57:13.759Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.