
26 matches found

OSV
added 2026/03/16 3:30 p.m. | 2 views

GHSA-FX49-M253-27JJ Mattermost fails to filter invite IDs based on user permissions

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation. Mattermost Advisory ID:...

4.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2026/03/11 5:28 p.m. | 1 view

SUSE CVE-2025-14573

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/23 6:23 p.m. | 2 views

GO-2026-4523 Mattermost fails to enforce invite permissions when updating team settings in github.com/mattermost/mattermost-server

Mattermost fails to enforce invite permissions when updating team settings in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/02/16 3:32 p.m. | 4 views

EUVD-2025-206979

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/02/16 3:32 p.m. | 3 views

Mattermost fails to enforce invite permissions when updating team settings

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2026/02/16 3:32 p.m. | 2 views

GHSA-CGJG-P2M2-QM4P Mattermost fails to enforce invite permissions when updating team settings

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.9 AI score | 0.0003 EPSS
Exploits: 0 | References: 4

NVD
added 2026/02/16 1:16 p.m. | 2 views

CVE-2025-14573

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 0.0003 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/16 12:25 p.m. | 4 views

CVE-2025-14573

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/16 12:25 p.m. | 25 views

CVE-2025-14573 Team Admin Bypass of Invite Permissions via allow_open_invite Field

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 0.0003 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/16 12:25 p.m. | 2 views

CVE-2025-14573 Team Admin Bypass of Invite Permissions via allow_open_invite Field

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/16 12:25 p.m. | 19 views

CVE-2025-14573

Mattermost advisory MMSA-2025-00561 describes a vulnerability in Mattermost versions 10.11.x ≤ 10.11.9 where invite permissions are not enforced when updating team settings. This allows team administrators lacking proper permissions to bypass restrictions and add users to their team via API reque...

3.8 CVSS | 5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/02/16 12:00 a.m. | 10 views

PT-2026-8341

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.0 through 10.11.9. Description: Mattermost versions 10.11.x up to and including 10.11.9 do not properly enforce invite permissions when team settings are updated. This allows team administrators lacking the necessary...

9.9 CVSS | 5.1 AI score | 0.00733 EPSS
Exploits: 44 | References: 113

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-0038

Malicious code in bioql PyPI...

3.8 CVSS | 5.8 AI score | 0.00114 EPSS
Exploits: 0 | References: 3

OSV
added 2025/05/29 4:15 p.m. | 1 view

CVE-2025-3913

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...

3.8 CVSS | 6.9 AI score
Exploits: 0 | References: 1

OSV
added 2025/05/23 3:17 p.m. | 2 views

GO-2025-3693 Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server

Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server...

4.3 CVSS | 7 AI score | 0.00188 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 8:34 a.m. | 2 views

CVE-2024-21630

Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite...

4.3 CVSS | 4.6 AI score | 0.00109 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/05/15 10:43 a.m. | 12 views

CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...

4.3 CVSS | 0.00188 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/01/17 12:00 a.m. | 6 views

Mattermost Server 9.11.x < 9.11.6 (MMSA-2024-00378)

The version of Mattermost Server installed on the remote host is prior to 9.11.6. It is, therefore, affected by an improper access control vulnerability as referenced in the MMSA-2024-00378 advisory. Mattermost versions 9.11.x prior to 9.11.5 fail to enforce invite permissions, which allows team...

3.8 CVSS | 6 AI score | 0.00114 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2025/01/15 3:48 a.m. | 1 view

SUSE CVE-2025-22449

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public...

3.8 CVSS | 6.9 AI score | 0.00114 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/01/10 8:50 p.m. | 7 views

CVE-2025-22449

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public...

3.8 CVSS | 6.6 AI score | 0.00114 EPSS
Exploits: 0 | References: 4