3 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization over the /api/v4/teams/teamid endpoint. A user can view information about public teams they are not a member of. Remediation Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.14,...
CVE-2025-4128
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...