Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: mattermostLatest

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-14822
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 5 months ago by @LeSuisse Activity log
  • Created suggestion 5 months ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.mattermostdriver
    • python313Packages.mattermostdriver
    • mattermost-desktop
    5 months ago
  • @LeSuisse dismissed 5 months ago
DoS from quadratic complexity in model.ParseHashtags

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

Affected products

Mattermost
  • ==11.2.0
  • ==10.11.9
  • =<10.11.8

Matching in nixpkgs

pkgs.mattermost

Open source platform for secure collaboration across the entire software development lifecycle

pkgs.mattermostLatest

Open source platform for secure collaboration across the entire software development lifecycle

Ignored packages (3)

Package maintainers

Already fixed in unstable and stable branches.
Permalink CVE-2025-14435
6.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 5 months ago by @LeSuisse Activity log
  • Created suggestion 5 months ago
  • @LeSuisse ignored
    5 packages
    • python312Packages.mattermostdriver
    • python313Packages.mattermostdriver
    • mattermost-desktop
    • mattermostLatest
    • mattermost
    5 months ago
  • @LeSuisse restored
    2 packages
    • mattermostLatest
    • mattermost
    5 months ago
  • @LeSuisse dismissed 5 months ago
Application-Level DoS via infinite re-render loop in user profile handling

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

Affected products

Mattermost
  • ==11.0.7
  • ==11.2.0
  • =<10.11.8
  • ==10.11.9
  • =<11.1.1
  • =<11.0.6
  • ==11.1.2

Matching in nixpkgs

pkgs.mattermost

Open source platform for secure collaboration across the entire software development lifecycle

pkgs.mattermostLatest

Open source platform for secure collaboration across the entire software development lifecycle

Ignored packages (3)

Package maintainers

Already fixed in unstable and stable branches.