248 matches found

OSV
added 2022/05/13 1:07 a.m. · 23 views

GHSA-JCMH-X32V-7MGF Cloud Foundry UAA privilege escalation with user invitations

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release uaa-release 13.x versions prior to v13.15,...

CVSS 9.8 · AI score 9.6 · EPSS 0.01167
Exploits 0 · References 7
Github Security Blog
added 2022/05/13 1:07 a.m. · 20 views

Cloud Foundry UAA privilege escalation with user invitations

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release uaa-release 13.x versions prior to v13.15,...

CVSS 9.8 · AI score 7.5 · EPSS 0.01167
Exploits 0 · References 7 · Affected Software 1
CNVD
added 2022/04/21 12:00 a.m. · 8 views

Mattermost Access Control Error Vulnerability (CNVD-2022-31756)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...

CVSS 5.8 · AI score 6.2 · EPSS 0.00806
Exploits 1 · References 1
OSV
added 2022/04/20 12:00 a.m. · 24 views

GHSA-FXWJ-V664-WV5G Improper Control of a Resource Through its Lifetime in Mattermost

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

CVSS 4.6 · AI score 4.2 · EPSS 0.00806
Exploits 1 · References 4
Github Security Blog
added 2022/04/20 12:00 a.m. · 24 views

Improper Control of a Resource Through its Lifetime in Mattermost

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

CVSS 5.8 · AI score 4.3 · EPSS 0.00806
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2022/04/19 9:15 p.m. · 3 views

CVE-2022-1385

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

CVSS 5.8 · AI score 5.4 · EPSS 0.00806
Exploits 1 · References 3
NVD
added 2022/04/19 9:15 p.m. · 27 views

CVE-2022-1385

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

CVSS 5.8 · EPSS 0.00806
Exploits 1 · References 2
CVE
added 2022/04/19 8:26 p.m. · 71 views

CVE-2022-1385

Mattermost 6.4.x and earlier suffer from an improper invalidation of pending email invitations when performed from the system console, allowing accidentally invited users to join a workspace and access information from public channels/teams. This is due to an inadequate invitation invalidation fl...

CVSS 5.8 · AI score 4.2 · EPSS 0.00806
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/04/19 12:00 a.m. · 2 views

PT-2022-13846 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier.
Description: The issue arises from the failure to properly invalidate pending email invitations when the action is performed from the system console. This allows accidentally invited users to join the...

CVSS 5.8 · AI score 6.8 · EPSS 0.00806
Exploits 1 · References 10
CNVD
added 2022/03/21 12:00 a.m. · 21 views

Apache CloudStack Security Feature Issue Vulnerability

Apache CloudStack is an Infrastructure-as-a-Service (IaaS) cloud computing platform from the Apache Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security feature issue vulnerability exists in versions of Apache CloudStack prior to 4.16.1.0,...

CVSS 7.5 · AI score 3.6 · EPSS 0.02806
Exploits 1 · References 1
ATTACKERKB
added 2022/03/18 6:15 p.m. · 2 views

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...

CVSS 5.4 · AI score 5.9 · EPSS 0.00639
Exploits 1 · References 3
OSV
added 2022/03/18 6:15 p.m. · 17 views

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...

CVSS 5.4 · AI score 6.6
Exploits 0 · References 2
NVD
added 2022/03/18 6:15 p.m. · 14 views

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...

CVSS 5.4 · EPSS 0.00639
Exploits 1 · References 2
CNNVD
added 2022/03/18 12:00 a.m. · 1 view

Mattermost cross-site scripting vulnerability

A security vulnerability exists in Mattermost, an open source collaboration platform from Mattermost Inc. in the U.S. The vulnerability allows a registered user with special privileges to invite guest users to inject unescaped HTML content into an email invitation. No details of the vulnerability...

CVSS 5.4 · AI score 5.6 · EPSS 0.00639
Exploits 1 · References 3
Prion
added 2022/02/26 12:15 a.m. · 25 views

Improper access control

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...

CVSS 7.5 · AI score 9.5 · EPSS 0.01335
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2022/02/25 11:25 p.m. · 5 views

CVE-2022-21706 Multi-use invitations can grant access to other organizations in Zulip

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...

CVSS 7.2 · AI score 7 · EPSS 0.01335
Exploits 0 · References 4
CVE
added 2022/02/25 11:25 p.m. · 108 views

CVE-2022-21706

Zulip Server 2.0.0+ was vulnerable to insufficient access control via multi-use invitations in multi-org deployments: an invite from one organization could join another, bypassing domain restrictions and potentially granting elevated privileges. It is patched in release 4.10; upgrading to 4.10 fi...

CVSS 9.8 · AI score 8.5 · EPSS 0.01335
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/02/25 11:25 p.m. · 30 views

CVE-2022-21706 Multi-use invitations can grant access to other organizations in Zulip

Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...

CVSS 7.2 · AI score 9.1 · EPSS 0.01335
Exploits 0 · References 6
CNNVD
added 2022/01/13 12:00 a.m. · 4 views

Discourse authorization issue vulnerability

Discourse is an open source community discussion platform that includes community, email, and chat room features. A security vulnerability exists in Discourse, which stems from the fact that users invited via email to a forum with "must approve users" enabled will automatically log in, bypassing...

CVSS 8.8 · AI score 5.6 · EPSS 0.00964
Exploits 0 · References 4
NVD
added 2021/10/05 1:15 p.m. · 15 views

CVE-2021-39875

In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint...

CVSS 5.3 · EPSS 0.01134
Exploits 0 · References 3