
7 matches found

Positive Technologies
added 2026/04/02 12:0 a.m. · 0 views

PT-2026-29939

A Fleet team maintainer can transfer hosts from any team via missing source team authorization in github.com/fleetdm/fleet...

CVSS 8.8 · AI score 5.8 · EPSS 0.00022
Exploits: 0 · References: 4
Veracode
added 2025/12/05 9:8 a.m. · 6 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to Mattermost failing to verify whether a user has permission to join a team when using the original invite token, which allows an attacker to manipulate the OAuth state and join any team on...

CVSS 8.1 · AI score 6.5 · EPSS 0.00049
Exploits: 0 · References: 5 · Affected Software: 2
SUSE CVE
added 2025/11/09 12:24 a.m. · 1 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

CVSS 8.1 · AI score 6.9 · EPSS 0.00049
Exploits: 0 · References: 2
OSV
added 2025/10/16 9:30 a.m. · 2 views

GHSA-6Q7M-P8CC-998R Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

CVSS 8.1 · AI score 6.9 · EPSS 0.00049
Exploits: 0 · References: 6
Github Security Blog
added 2025/10/16 9:30 a.m. · 5 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

CVSS 8.1 · AI score 6.9 · EPSS 0.00049
Exploits: 0 · References: 6 · Affected Software: 2
OSV
added 2025/10/16 9:30 a.m. · 8 views

GHSA-R6QJ-894F-5HR2 Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

CVSS 8.1 · AI score 6.9 · EPSS 0.00049
Exploits: 0 · References: 6
Positive Technologies
added 2021/03/22 12:0 a.m. · 5 views

PT-2021-17773 · Grafana +2 · Grafana Enterprise +3

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise versions 6.x through 6.7.5; Grafana Enterprise versions 7.x through 7.3.9; Grafana Enterprise versions 7.4.x through 7.4.4

Description: The team sync HTTP API in Grafana Enterprise presents an Incorrect Access Control issue. ...

CVSS 10 · AI score 6.8 · EPSS 0.94438
Exploits: 47 · References: 98