GO-2026-4519 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels in github.com/mattermost/mattermost-plugin-zoom...

GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVE-2026-0997

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVE-2026-0997 Mattermost Zoom Plugin channel preference API lacks authorization checks

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to inadequate validation when shared channels are enabled, allowing an attacker to create, update, or delete arbitrary posts in arbitrary channels...

GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...

GHSA-VG67-CHM7-8M3J Mattermost allows remote actor to create/update/delete posts in arbitrary channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...

CVE-2024-39837

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from a failure to properly restrict channel creation when shared channels are enabled, which allows a malicious remote person to create arbitrar...

PT-2024-29293 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue arises from the failure to properly validate synced posts...

PT-2024-28692 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Description: The issue is related to the improper restriction of channel creation, allowing a malicious remote user to create arbitrary channels when shared...

DEBIAN-CVE-2019-11783

Improper access control in mail module channel partners in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited...