99 matches found
CVE-2025-7426
The CVE-2025-7426 entry relates to MINOVA TTA, where the FTP credentials are exposed through the debug port 1604 on the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account and could enable data manipulation or extraction in automated processes (EDI/data integrat...
PT-2025-34601 · Unknown · Minova Tta
Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...
CVE-2021-35503
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...
SUSE CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access restrictions on the /api/v4/audits endpoint, allowing users with delegated granular administration roles to access User Activity Logs without Compliance...
CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...
GHSA-XFQ9-HH5X-XFQ9 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866
CVE-2025-24866 affects Mattermost server (Mattermost 9.11.x, including 9.11.8 and earlier) where the access control on the /api/v4/audits endpoint is improper. The vulnerability allows users with delegated granular administration roles who do not have access to Compliance Monitoring to retrieve U...
CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles
Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...
PT-2025-15996 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.8 Description: The issue is related to improper access controls on the "/api/v4/audits" endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to...
CVE-2024-43064
creationtimestamp| type| source ---|---|--- 2025-01-06 11:12:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113781107563141439 2025-01-06 11:15:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2z24gva622 2025-01-06 11:43:07+00:00| seen|...