Lucene search
K

11 matches found

NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

4.3CVSS0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/02/16 12:5 p.m.5 views

CVE-2025-14350 Information disclosure via channel mentions in posts

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

4.3CVSS6AI score0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/16 12:5 p.m.3 views

CVE-2025-14350

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.6 views

PT-2026-8340

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate team membership when processing channel mentions. This allows...

9.9CVSS5.2AI score0.27661EPSS
Exploits45References113
RedhatCVE
RedhatCVE
added 2025/11/14 6:2 p.m.6 views

CVE-2025-11777

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/13 6:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

4.3CVSS6.6AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/13 6:31 p.m.6 views

EUVD-2025-175343

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

3.1CVSS6.1AI score0.00162EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/13 5:32 p.m.5 views

CVE-2025-11777 Cross-team channel membership access

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

3.1CVSS6.2AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58777

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00317EPSS
Exploits0References1
Prion
Prion
added 2023/12/12 9:15 a.m.13 views

Code injection

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to...

5.5CVSS7AI score0.00317EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/12 8:22 a.m.6 views

CVE-2023-6547 Playbooks access/modification by removed team member

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to...

3.7CVSS5.5AI score0.00317EPSS
Exploits0References1
Rows per page
Query Builder