5 matches found
EUVD-2024-34599
Malicious code in bioql PyPI...
CVE-2024-23493
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
BIT-MATTERMOST-2024-23493
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of...
Exposure Of Sensitive Information To An Unauthorized Actor
Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...
CVE-2024-34029
Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team...