151 matches found
CVE-2025-2570
Mattermost CVE-2025-2570 affects Mattermost Server versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11. Root cause: the system fails to enforce RestrictSystemAdmin when a user lacks access to ExperimentalSettings, allowing a System Manager to access ExperimentSettings via the System Console. Impact: ex...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not checking the RestrictSystemAdmin setting, which can be exploited by an attacker to cause a system administrator to access...
Mattermost Fails to Restrict Certain Operations on System Admins
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...
CVE-2025-30067
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-30067
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-30067 Apache Kylin: The remote code execution via jdbc url
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration maybe altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-26512
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
CVE-2025-26512
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
CVE-2025-21806
In the Linux kernel, the following vulnerability has been resolved: net: let net.core.devweight always be non-zero The following problem was encountered during stability test: NULL netdevice: NAPI poll function processbacklog+0x0/0x530 \ returned 1, exceeding its budget of 0. ------------ cut her...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
CVE-2022-20939 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this...
Mattermost Server 9.5.x < 9.5.8 / 9.8.x < 9.8.3 / 9.9.x < 9.9.2 / 9.10.x < 9.10.1 (MMSA-2024-00374)
The version of Mattermost Server installed on the remote host is prior to 9.5.8, 9.8.3, 9.9.2, or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00374 advisory. - Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to...
GO-2024-3094 Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused due to a failure to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role...
CVE-2024-39717
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...
GHSA-5263-PM2H-M7HW Mattermost doesn't restrict which roles can promote a user as system admin
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
Mattermost doesn't restrict which roles can promote a user as system admin
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-8071
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-8071
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-8071
CVE-2024-8071 affects Mattermost Server versions 9.9.x ≤ 9.9.1, 9.5.x ≤ 9.5.7, 9.10.x ≤ 9.10.0, and 9.8.x ≤ 9.8.2. The issue is a failure to restrict which roles can promote a user to system admin, allowing a System Role with edit access to the permissions section of the system console to update ...