Lucene search
+L

489 matches found

RedhatCVE
RedhatCVE
added 2025/11/15 8:40 a.m.11 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/15 8:40 a.m.6 views

CVE-2025-11776

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.8AI score0.00188EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/14 9:30 a.m.4 views

EUVD-2025-186558

Mattermost fails to properly restrict access to archived channel search API...

4.3CVSS6.4AI score0.00188EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/14 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00188EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/14 9:30 a.m.8 views

Mattermost fails to properly restrict access to archived channel search API

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.9AI score0.00188EPSS
Exploits0References4Affected Software5
Github Security Blog
Github Security Blog
added 2025/11/14 9:30 a.m.7 views

Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS6.7AI score0.00164EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2025/11/14 9:30 a.m.8 views

GHSA-J6GG-R5JC-47CM Mattermost fails to properly restrict access to archived channel search API

Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...

4.3CVSS6.7AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2025/11/14 9:30 a.m.10 views

GHSA-X3HX-CH7P-8XGG Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1CVSS6.7AI score0.00164EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.7AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.5AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 8:43 a.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder