489 matches found
CVE-2025-41436
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
CVE-2025-11776
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
EUVD-2025-186558
Mattermost fails to properly restrict access to archived channel search API...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...
Mattermost fails to properly restrict access to archived channel search API
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
Mattermost allows regular users to access archived channel content and files
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
GHSA-J6GG-R5JC-47CM Mattermost fails to properly restrict access to archived channel search API
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
GHSA-X3HX-CH7P-8XGG Mattermost allows regular users to access archived channel content and files
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can...