6 matches found
Mattermost Server 9.11.x < 9.11.17 / 10.5.x < 10.5.7 / 10.7.x < 10.7.4 / 10.8.x < 10.8.2 (MMSA-2025-00490)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00490 advisory. - Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by...
CVE-2025-6226
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...
CVE-2025-6226
creationtimestamp | type | source
---|---|---
2025-07-18 09:27:46+00:00 | seen | Telegram/Eszw3unyu3KekWB6tYgDG1I5fneJ6cJ4d9-NSrno7K9V47Y...
CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...
CVE-2025-6226
Mattermost Server contains an IDOR-like flaw (CVE-2025-6226) where authentication is not verified when retrieving cached posts by PendingPostID. Affected versions include 9.11.x <= 9.11.16, 10.5.x <= 10.5.6, 10.7.x <= 10.7.3, and 10.8.x
CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...