11 matches found
Mattermost Server 10.11.x < 10.11.13 Improper Validation (MMSA-2026-00603)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00603 advisory. - Mattermost versions 10.11.x prior to 10.11.13 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicio...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the Connected Workspaces API. An attacker can change the displayed status of local users by connecting a malicious remote server using the Connected Workspaces feature. Remediation Upgrade...
Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
GHSA-MXXH-FMJQ-J6X4 Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769
Mattermost CVE-2026-27769 affects Mattermost 10.11.x up to 10.11.12 where the Connected Workspaces feature does not validate that users are correctly owned by the target Connected Workspace. This allows a malicious remote server connected via the Connected Workspaces API to change the displayed s...
CVE-2026-27769
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status
Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...
PT-2026-33036
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.12 Description Improper validation of user ownership within the Connected Workspaces feature allows a malicious remote server to change the displayed status of local users via the Connected Workspaces...