Lucene search
K

195 matches found

NVD
NVD
added 2026/05/22 5:16 p.m.17 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 4:26 p.m.14 views

CVE-2026-28735 GitHub OAuth Scope Validation

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:26 p.m.6 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 4:26 p.m.12 views

EUVD-2026-31465

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 4:26 p.m.11 views

CVE-2026-28735 GitHub OAuth Scope Validation

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 4:26 p.m.42 views

CVE-2026-28735

Mattermost versions 10.11.x up to 10.11.14, 11.4.x up to 11.4.4, 11.5.x up to 11.5.3, and 11.6.x up to 11.6.0 fail to validate the OAuth token scope on the callback, enabling an authenticated Mattermost user to gain access to private repositories by modifying the scope parameter in the GitHub aut...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42799

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description An issue exists where the software fails to validate the OAuth token scope during the callback process. This allows an...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/22 12:31 a.m.5 views

EUVD-2026-24550

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/22 12:31 a.m.7 views

EUVD-2026-24552

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2CVSS5.8AI score0.0023EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 11:16 p.m.5 views

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS0.00296EPSS
Exploits0References7
NVD
NVD
added 2026/04/21 11:16 p.m.9 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

9.6CVSS0.0023EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 10:42 p.m.38 views

CVE-2026-5845 Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2CVSS0.0023EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/21 10:42 p.m.7 views

CVE-2026-5845 Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2CVSS5.8AI score0.0023EPSS
Exploits0References7
CVE
CVE
added 2026/04/21 10:42 p.m.23 views

CVE-2026-5845

Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:42 p.m.4 views

CVE-2026-5845

An improper authorization vulnerability in scoped user-to-server ghu token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that...

7.2CVSS5.8AI score0.0023EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/21 10:12 p.m.20 views

CVE-2026-5512

CVE-2026-5512 describes an improper authorization vulnerability in GitHub Enterprise Server where an authenticated attacker could determine private repository names by numeric ID via the mobile upload policy API endpoint. The issue arises from a failure to perform an early authorization check and...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:12 p.m.4 views

CVE-2026-5512

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/21 10:12 p.m.36 views

CVE-2026-5512 Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

5.3CVSS0.00296EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-34211

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An improper authorization issue exists where an authenticated attacker can determine the names of private repositories using their numeric ID. This occurs because the mobile upload...

5.3CVSS5.8AI score0.00296EPSS
Exploits0References10
Rows per page
Query Builder