Lucene search
K

422 matches found

OSV
OSV
added 2025/06/03 5:58 p.m.2 views

GO-2025-3728 Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server

Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server...

4.3CVSS7.1AI score0.00191EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/01 2:47 p.m.6 views

CVE-2025-3611

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/05/30 3:30 p.m.17 views

Mattermost fails to properly enforce access control restrictions for System Manager roles

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

4.3CVSS6.8AI score0.00191EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/30 3:30 p.m.2 views

GHSA-86JG-35XJ-3VV5 Mattermost fails to properly enforce access control restrictions for System Manager roles

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

3.1CVSS6.8AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2025/05/30 3:15 p.m.24 views

CVE-2025-3611

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

4.3CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/30 2:22 p.m.29 views

CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

3.1CVSS0.00191EPSS
Exploits0References1
OSV
OSV
added 2025/05/30 2:22 p.m.4 views

CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

3.1CVSS6AI score0.00191EPSS
Exploits0References3
CVE
CVE
added 2025/05/30 2:22 p.m.54 views

CVE-2025-3611

Mattermost Server: CVE-2025-3611 affects versions 10.7.x <=10.7.0, 10.5.x <=10.5.3, and 9.11.x

4.3CVSS3.9AI score0.00191EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/30 12:0 a.m.2 views

PT-2025-23309 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.7.x through 10.7.0 Mattermost versions 10.5.x through 10.5.3 Mattermost versions 9.11.x through 9.11.12 Description: The issue is related to the failure of Mattermost to properly enforce access control restrictions for...

4.3CVSS6AI score0.00191EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2025/05/27 1:14 a.m.3 views

SUSE CVE-2025-2570

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS6.9AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.9 views

CVE-2024-7477

A SQL injection vulnerability was found which could allow a command line interface CLI user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer...

6.7CVSS8.5AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:44 a.m.9 views

CVE-2024-7480

An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface CLI user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer...

4.4CVSS6.9AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.8 views

CVE-2020-8587

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs...

5.5CVSS6.7AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.8 views

CVE-2019-17276

OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field...

5.4CVSS6.1AI score0.0063EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/15 6:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...

5.1CVSS6.9AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2025/05/15 6:31 p.m.36 views

GHSA-FPFF-WJ6M-GRVR Mattermost Fails to Check User Access to `ExperimentalSettings`

Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS6.7AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2025/05/15 3:27 p.m.6 views

CVE-2025-2570 System Admin Cannot Access Environment settings in System Console While System Manager Can

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS7.2AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/15 3:27 p.m.10 views

CVE-2025-2570 System Admin Cannot Access Environment settings in System Console While System Manager Can

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS3.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 3:27 p.m.32 views

CVE-2025-2570

Mattermost CVE-2025-2570 affects Mattermost Server versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11. Root cause: the system fails to enforce RestrictSystemAdmin when a user lacks access to ExperimentalSettings, allowing a System Manager to access ExperimentSettings via the System Console. Impact: ex...

2.7CVSS3.6AI score0.00278EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/05/07 7:11 p.m.5 views

RLSA-2024:3203 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

5.9CVSS7.8AI score0.00849EPSS
Exploits0References2
Rows per page
Query Builder