SUSE CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the Agents plugin process. An attacker can access information about when users have read channels by querying channel member objects. Remediation Upgrade...

EUVD-2025-198045

Mattermost allows other users to determine when users had read channels via channel member objects...

GHSA-9HH7-6558-QFP2 Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVE-2025-55074

Mattermost server (versions 10.11.x <= 10.11.3 and 10.5.x

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

PT-2025-47329

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Description The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when user...

EUVD-2025-25431

Malicious code in bioql PyPI...

EUVD-2023-1608

Malicious code in bioql PyPI...

EUVD-2022-2189

Malicious code in bioql PyPI...

EUVD-2022-4585

Malicious code in bioql PyPI...

GO-2025-3906 Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server

Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server...

CVE-2025-47700

Mattermost Server versions 10.5.x = 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...

GHSA-VQWH-5JHH-VC9P Mattermost Server SSRF Vulnerability via the Agents Plugin

Mattermost Server versions 10.5.x = 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...

Mattermost Server SSRF Vulnerability via the Agents Plugin

Mattermost Server versions 10.5.x = 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...