Lucene search
K

46 matches found

Veracode
Veracode
added 2025/12/17 12:31 p.m.7 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to failure to verify whether a user has permission to join a Mattermost team when processing the original invite token, which allows an attacker to manipulate the RelayState parameter and joi...

8.1CVSS6.5AI score0.00307EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2025/12/05 9:8 a.m.7 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to Mattermost failing to verify whether a user has permission to join a team when using the original invite token, which allows an attacker to manipulate the OAuth state and join any team on...

8.1CVSS6.5AI score0.00379EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2025/11/29 2:45 a.m.3 views

CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

8.4CVSS6.7AI score0.00238EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/11/09 12:24 a.m.4 views

SUSE CVE-2025-58073

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/11/09 12:24 a.m.5 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.6 views

Mattermost Server 10.5.x < 10.5.11 / 10.10.x < 10.10.3 / 10.11.x 10.11.2 / 10.12.0 Multiple Vulnerabilities (MMSA-2025-00507, MMSA-2025-00508)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2025-00507, MMSA-2025-00508 advisories. - Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.3, 10.5.x = 10.5.10 fail to verify a user has permission to join a...

8.1CVSS5.5AI score0.00379EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 8:40 a.m.11 views

CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.8AI score0.00307EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/16 9:30 a.m.2 views

Missing Authorization

Overview github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authorization in the fullyQualifiedRedirectURL function. An attacker can gain...

8.6CVSS7AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 9:30 a.m.2 views

Missing Authorization

Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Missing Authorization in the fullyQualifiedRedirectURL function. An attacker can gain unauthorized access to any team by manipulating the...

8.6CVSS7AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 9:30 a.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the fullyQualifiedRedirectURL function. An attacker can gain unauthorized access to any team by manipulating the invite token, bypassing intended restrictions. Remediation Upgrade...

8.6CVSS6.8AI score0.00379EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 9:30 a.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the fullyQualifiedRedirectURL function. An attacker can gain unauthorized access to any team by manipulating the invite token, bypassing intended restrictions. Remediation Upgrade...

8.6CVSS7AI score0.00379EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 9:30 a.m.10 views

GHSA-R6QJ-894F-5HR2 Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References6
OSV
OSV
added 2025/10/16 9:30 a.m.7 views

GHSA-6Q7M-P8CC-998R Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/16 9:30 a.m.8 views

EUVD-2025-34740

Mattermost has a Missing Authorization vulnerability...

8.1CVSS6.5AI score0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/16 9:30 a.m.14 views

EUVD-2025-34729

Mattermost has a Missing Authorization vulnerability...

8.1CVSS6.5AI score0.00307EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.12 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.7 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2025/10/16 9:15 a.m.41 views

CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/10/16 9:15 a.m.29 views

CVE-2025-58073

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS0.00379EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/16 8:44 a.m.23 views

CVE-2025-58073 Arbitrary Mattermost Team can be joined by manipulating the OAuth state

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS0.00379EPSS
Exploits0References1
Rows per page
Query Builder