1115 matches found

RedhatCVE
added 2025/02/05 12:54 p.m. | 11 views

CVE-2024-43327

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a through 1.4.7...

CVSS 7.1 | AI score 6.8 | EPSS 0.00275
Exploits: 0
Tenable Nessus
added 2025/01/17 12:00 a.m. | 6 views

Mattermost Server 9.11.x < 9.11.6 (MMSA-2024-00378)

The version of Mattermost Server installed on the remote host is prior to 9.11.6. It is, therefore, affected by an improper access control vulnerability as referenced in the MMSA-2024-00378 advisory. Mattermost versions 9.11.x prior to 9.11.5 fail to enforce invite permissions, which allows team...

CVSS 3.8 | AI score 6 | EPSS 0.00114
Exploits: 0 | References: 2
SUSE CVE
added 2025/01/15 3:48 a.m. | 1 views

SUSE CVE-2025-22449

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | AI score 6.9 | EPSS 0.00114
Exploits: 0 | References: 4
RedhatCVE
added 2025/01/10 8:50 p.m. | 8 views

CVE-2025-22449

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | AI score 6.6 | EPSS 0.00114
Exploits: 0 | References: 4
OSV
added 2025/01/09 9:31 a.m. | 5 views

GHSA-Q8FG-CP3Q-5JWM Mattermost Incorrect Authorization vulnerability

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | AI score 4.3 | EPSS 0.00114
Exploits: 0 | References: 3
Github Security Blog
added 2025/01/09 9:31 a.m. | 14 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | AI score 6.7 | EPSS 0.00114
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/01/09 7:15 a.m. | 2 views

CVE-2025-22449

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | AI score 6.8
Exploits: 0 | References: 1
Cvelist
added 2025/01/09 6:54 a.m. | 15 views

CVE-2025-22449 Access control flaw for team admins allows unauthorized team additions

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

CVSS 3.8 | EPSS 0.00114
Exploits: 0 | References: 1
Positive Technologies
added 2025/01/09 12:00 a.m. | 2 views

PT-2025-4490 · Mattermost +1 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.0 through 9.11.5. Description: The issue is related to the failure of Mattermost to enforce invite permissions. This allows team admins, who do not have permission to invite users to their team, to invite users by maki...

CVSS 8.9 | AI score 6.3 | EPSS 0.02218
Exploits: 2 | References: 90
CNNVD
added 2025/01/09 12:00 a.m. | 1 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 9.11.5 and previous versions 9.11.x. The vulnerability stems from not properly enforcing invite permissions, which allows team administrators to...

CVSS 3.8 | AI score 5.7 | EPSS 0.00114
Exploits: 0 | References: 2
OSV
added 2024/12/16 7:14 a.m. | 4 views

BIT-MATTERMOST-2024-29221

Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users,...

CVSS 4.7 | AI score 4.6 | EPSS 0.00062
Exploits: 0 | References: 2
Tenable Nessus
added 2024/12/04 12:00 a.m. | 8 views

Cisco IP Phone Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2007-5583)

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service (486 Busy responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. This plugin only works with...

CVSS 7.8 | AI score 5.8 | EPSS 0.74345
Exploits: 2 | References: 15
Snyk
added 2024/12/03 6:42 p.m. | 1 views

Improper Input Validation

Overview: matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...

CVSS 8.7 | AI score 6.5 | EPSS 0.00353
Exploits: 0 | References: 2
OSV
added 2024/12/03 6:42 p.m. | 15 views

GHSA-F3R3-H2MQ-HX2H Synapse allows a malformed invite to break the invitee's `/sync`

Impact: Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches: Synapse 1.120.1 rejects such invalid invites received ov...

CVSS 8.7 | AI score 4.9 | EPSS 0.00353
Exploits: 0 | References: 3
NVD
added 2024/12/03 5:15 p.m. | 19 views

CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 | EPSS 0.00353
Exploits: 0 | References: 1
OSV
added 2024/12/03 5:15 p.m. | 3 views

DEBIAN-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 | AI score 6.8 | EPSS 0.00353
Exploits: 0 | References: 1
Vulnrichment
added 2024/12/03 4:58 p.m. | 17 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 | AI score 6.8 | EPSS 0.00353
Exploits: 0 | References: 1
OSV
added 2024/12/03 4:58 p.m. | 13 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 3
CVE
added 2024/12/03 4:58 p.m. | 62 views

CVE-2024-52815

CVE-2024-52815 affects the Synapse project (open-source Matrix homeserver). Versions before 1.120.1 fail to properly validate invites received over federation, allowing a malicious server to send a specially crafted invite that disrupts the invited user’s /sync functionality. The issue is mitigat...

CVSS 8.7 | AI score 6.4 | EPSS 0.00353
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/12/03 4:58 p.m. | 13 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 | EPSS 0.00353
Exploits: 0 | References: 1