Lucene search
K

4 matches found

OSV
OSV
added 2026/04/17 3:31 p.m.3 views

GHSA-M7CF-4GH2-V4QG Mattermost doesn't validate CSRF tokens on an authentication endpoint

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

6.8CVSS5.8AI score0.00129EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.8 views

Mattermost doesn't validate CSRF tokens on an authentication endpoint

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

8.1CVSS5.2AI score0.00129EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/15 11:16 a.m.37 views

CVE-2026-28741

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

8.1CVSS0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 10:13 a.m.30 views

CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

6.8CVSS0.00129EPSS
Exploits0References1
Rows per page
Query Builder