
6 matches found

Tenable Nessus
added 2025/07/24 12:0 a.m. | 6 views

Mattermost Server 9.11.x < 9.11.17 / 10.5.x < 10.5.7 / 10.7.x < 10.7.4 / 10.8.x < 10.8.2 (MMSA-2025-00490)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00490 advisory. - Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by...

CVSS 6.5 | AI score 5.6 | EPSS 0.00309
Exploits: 0 | References: 2

RedhatCVE
added 2025/07/20 9:59 a.m. | 10 views

CVE-2025-6226

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

CVSS 6.5 | AI score 6.9 | EPSS 0.00309
Exploits: 0 | References: 1

Circl
added 2025/07/18 9:27 a.m. | 6 views

CVE-2025-6226

creationtimestamp | type | source
---|---|---
2025-07-18 09:27:46+00:00 | seen | Telegram/Eszw3unyu3KekWB6tYgDG1I5fneJ6cJ4d9-NSrno7K9V47Y...

CVSS 6.5 | AI score 5.2 | EPSS 0.00309
Exploits: 0

Vulnrichment
added 2025/07/18 8:48 a.m. | 7 views

CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

CVSS 6.5 | AI score 6.2 | EPSS 0.00309
Exploits: 0 | References: 1

CVE
added 2025/07/18 8:48 a.m. | 35 views

CVE-2025-6226

Mattermost Server contains an IDOR-like flaw (CVE-2025-6226) where authentication is not verified when retrieving cached posts by PendingPostID. Affected versions include 9.11.x <= 9.11.16, 10.5.x <= 10.5.6, 10.7.x <= 10.7.3, and 10.8.x

CVSS 6.5 | AI score 6.2 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/07/18 8:48 a.m. | 18 views

CVE-2025-6226 IDOR in CreatePost API allows for timeboxed message disclosure

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

CVSS 6.5 | EPSS 0.00309
Exploits: 0 | References: 1