15 matches found
GO-2025-4126 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
EUVD-2025-186558
Mattermost fails to properly restrict access to archived channel search API...
GHSA-J6GG-R5JC-47CM Mattermost fails to properly restrict access to archived channel search API
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
CVE-2024-23488
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...
GHSA-MJ2P-V2C2-VH4V Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...
CVE-2025-2564
Summary: CVE-2025-2564 affects Mattermost Server versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, and 9.11.x
GHSA-H4RR-F37J-4HH7 Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...
CVE-2025-27571
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...
CVE-2025-24526
Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access ...
PT-2024-29929 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8; Mattermost versions 9.9.x through 9.9.2; Mattermost versions 9.10.x through 9.10.1; Mattermost versions 9.11.x through 9.11.0. Description: The issue allows an attacker to retrieve post and file informatio...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an unauthorized access vulnerability that stems from failing to properly authorize access to an archived channel when viewing archived channels is disabled. An attacker could...
Mattermost fails to properly restrict the access of files attached to posts
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...
CVE-2024-23488
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. An access control error vulnerability exists in Mattermost versions 6.1 and earlier, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles, and could be...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. An access control error vulnerability exists in Mattermost versions 6.1 and earlier, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles, and could be...