44 matches found
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation: Upgrade...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Slack import process. An attacker can gain unauthorized access to user accounts by obtaining disclosed passwords and impersonating users. Remediation: Upgrade...
CVE-2026-6345
Mattermost advisory CVE-2026-6345 affects Mattermost versions 11.4.x ≤ 11.4.3, 11.5.x ≤ 11.5.1 and 10.11.x ≤ 10.11.13. The issue is described as failing to prevent disclosure of created user passwords during the Slack import process, which could allow a malicious actor to impersonate a user using...
CVE-2026-6345 Prevent password disclosure and force reset during Slack import
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords. Mattermost Advisory ID: MMSA-2026-00614...
CVE-2026-6345 Prevent password disclosure and force reset during Slack import
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords. Mattermost Advisory ID: MMSA-2026-00614...
Improper Authentication
github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to failure to validate email ownership during the Slack import process, which allows an attacker to create verified user accounts with arbitrary email domains and bypass email-based team...
SUSE CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Mattermost Server 10.5.x < 10.5.11 / 10.10.x < 10.10.3 / 10.11.x < 10.11.3 / 10.12.0 Missing Authorization (MMSA-2025-00525)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00525 advisory. - Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows...
CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
GHSA-3Q4Q-WQM6-HVF3 Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by submitting malicious import data to bypass email-based team access restrictions. Remediation: Upgrade...
EUVD-2025-34742
Mattermost has a Missing Authorization vulnerability...
Missing Authorization
Overview: github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by submitting malicious import data to bypass email-based team access restrictions. Remediation: Upgrade...
Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the Slack import functionality. An attacker can create verified user accounts with arbitrary email domains by submitting malicious import data to bypass email-based team access restrictions. Remediation: Upgrade...
CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410 Slack import bypasses email verification for team access controls
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...
CVE-2025-41410 Slack import bypasses email verification for team access controls
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictio...