15 matches found

OSV
added 2025/11/17 7:11 p.m. · 4 views

GO-2025-4126 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost

Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

CVSS 4.3 · AI score 6.7 · EPSS 0.00168
Exploits: 0 · References: 4
EUVD
added 2025/11/14 9:30 a.m. · 3 views

EUVD-2025-186558

Mattermost fails to properly restrict access to archived channel search API...

CVSS 4.3 · AI score 6.4 · EPSS 0.00168
Exploits: 0 · References: 3
OSV
added 2025/11/14 9:30 a.m. · 8 views

GHSA-J6GG-R5JC-47CM Mattermost fails to properly restrict access to archived channel search API

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/{team_id}/channels/search_archived endpoint...

CVSS 4.3 · AI score 6.7 · EPSS 0.00168
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/23 9:42 a.m. · 11 views

CVE-2024-23488

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...

CVSS 4.3 · AI score 4.5 · EPSS 0.00314
Exploits: 0 · References: 1
OSV
added 2025/04/16 6:31 p.m. · 3 views

GHSA-MJ2P-V2C2-VH4V Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

CVSS 4.3 · AI score 6.3 · EPSS 0.00229
Exploits: 0 · References: 3
CVE
added 2025/04/16 4:12 p.m. · 209 views

CVE-2025-2564

Summary: CVE-2025-2564 affects Mattermost Server versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, and 9.11.x

CVSS 4.3 · AI score 4.3 · EPSS 0.00229
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2025/04/16 9:32 a.m. · 3 views

GHSA-H4RR-F37J-4HH7 Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

CVSS 4.3 · AI score 6.6 · EPSS 0.00219
Exploits: 0 · References: 9
NVD
added 2025/04/16 8:15 a.m. · 10 views

CVE-2025-27571

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

CVSS 4.3 · EPSS 0.00219
Exploits: 0 · References: 1
NVD
added 2025/02/24 8:15 a.m. · 10 views

CVE-2025-24526

Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access ...

CVSS 4.3 · EPSS 0.00271
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-29929 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8; Mattermost versions 9.9.x through 9.9.2; Mattermost versions 9.10.x through 9.10.1; Mattermost versions 9.11.x through 9.11.0. Description: The issue allows an attacker to retrieve post and file informatio...

CVSS 5.4 · AI score 6.9 · EPSS 0.00215
Exploits: 0 · References: 8
CNNVD
added 2024/09/26 12:0 a.m. · 6 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an unauthorized access vulnerability that stems from failing to properly authorize access to an archived channel when viewing archived channels is disabled. An attacker could...

CVSS 4.3 · AI score 6.4 · EPSS 0.00246
Exploits: 0 · References: 2
GitHub Security Blog
added 2024/02/29 9:30 a.m. · 26 views

Mattermost fails to properly restrict the access of files attached to posts

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...

CVSS 4.3 · AI score 6.8 · EPSS 0.00314
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/02/29 8:15 a.m. · 5 views

CVE-2024-23488

Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...

CVSS 4.3 · AI score 6.5
Exploits: 0 · References: 1
CNVD
added 2022/01/21 12:0 a.m. · 24 views

Mattermost Access Control Error Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. An access control error vulnerability exists in Mattermost versions 6.1 and earlier, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles, and could be...

CVSS 6.5 · AI score 3 · EPSS 0.00585
Exploits: 0 · References: 1
CNNVD
added 2022/01/18 12:0 a.m. · 5 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. An access control error vulnerability exists in Mattermost versions 6.1 and earlier, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles, and could be...

CVSS 6.5 · AI score 5.6 · EPSS 0.00585
Exploits: 0 · References: 2