Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/05/27 2:23 p.m.41 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS0.00296EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:23 p.m.28 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 2:23 p.m.14 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.6 views

CVE-2026-3524

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 3:31 p.m.6 views

EUVD-2026-19231

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 1:17 p.m.5 views

CVE-2026-3524

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS0.00378EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/06 1:7 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing return statement after a permission check in the ServeHTTP function. An attacker can gain unauthorized access to, create, download, and delete sensitive legal hold data by sending crafted API...

8.8CVSS5.8AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/06 12:6 p.m.3 views

CVE-2026-3524 Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 12:6 p.m.17 views

CVE-2026-3524

CVE-2026-3524 affects Mattermost Plugin Legal Hold versions

8.8CVSS5.9AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 12:6 p.m.32 views

CVE-2026-3524 Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS0.00378EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.11 views

PT-2026-30601

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2020/02/03 2:5 p.m.43 views

New capabilities for eDiscovery now available

With the exponential growth of data, there is a pressing need for broader visibility into ever-increasing case activities that require eDiscovery to extend to chat-based communication and collaboration tools. New capabilities help you manage eDiscovery in Microsoft Teams including the ability to...

1.4AI score
Exploits0
Rows per page
Query Builder