Lucene search
+L

99 matches found

CVE
CVE
added 2025/08/25 8:52 a.m.32 views

CVE-2025-7426

The CVE-2025-7426 entry relates to MINOVA TTA, where the FTP credentials are exposed through the debug port 1604 on the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account and could enable data manipulation or extraction in automated processes (EDI/data integrat...

9.3CVSS7.2AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.7 views

PT-2025-34601 · Unknown · Minova Tta

Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...

9.3CVSS6.7AI score0.00343EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 7:54 p.m.11 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS5.7AI score0.00712EPSS
Exploits1References1
CNVD
CNVD
added 2025/04/25 12:0 a.m.5 views

Mattermost Improper Access Control Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...

2.7CVSS7AI score0.00278EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.6 views

SUSE CVE-2025-24866

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS4AI score0.00278EPSS
Exploits0References3
Veracode
Veracode
added 2025/04/21 3:54 a.m.8 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access restrictions on the /api/v4/audits endpoint, allowing users with delegated granular administration roles to access User Activity Logs without Compliance...

2.7CVSS7AI score0.00278EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/12 4:2 p.m.33 views

CVE-2025-24866

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS6.8AI score0.00278EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

5.1CVSS7AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...

5.1CVSS6.9AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/10 6:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...

5.1CVSS4.2AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/04/10 6:32 p.m.7 views

GHSA-XFQ9-HH5X-XFQ9 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS3.8AI score0.00278EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/10 6:32 p.m.19 views

Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS3.6AI score0.00278EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/04/10 4:15 p.m.35 views

CVE-2025-24866

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 3:33 p.m.231 views

CVE-2025-24866

CVE-2025-24866 affects Mattermost server (Mattermost 9.11.x, including 9.11.8 and earlier) where the access control on the /api/v4/audits endpoint is improper. The vulnerability allows users with delegated granular administration roles who do not have access to Compliance Monitoring to retrieve U...

2.7CVSS7.1AI score0.00278EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/10 3:33 p.m.20 views

CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/10 3:33 p.m.9 views

CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS3.9AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2025/04/10 3:33 p.m.6 views

CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x = 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7CVSS5.9AI score0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...

2.7CVSS6.8AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.5 views

PT-2025-15996 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.8 Description: The issue is related to improper access controls on the "/api/v4/audits" endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to...

9.9CVSS4.5AI score0.00955EPSS
Exploits1References38
Circl
Circl
added 2025/01/06 11:12 a.m.14 views

CVE-2024-43064

creationtimestamp| type| source ---|---|--- 2025-01-06 11:12:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113781107563141439 2025-01-06 11:15:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2z24gva622 2025-01-06 11:43:07+00:00| seen|...

7.5CVSS4.8AI score0.00084EPSS
Exploits0References5
Rows per page
Query Builder