5 matches found
SUSE CVE-2025-24866
Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...
GO-2025-3604 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server
Mattermost Fails to Enforce Proper Access Controls on /api/v4/audits Endpoint in github.com/mattermost/mattermost-server...
Incorrect Authorization
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access controls, despite not having the required permissions for Compliance Monitoring. Remediation...
CVE-2025-24866
Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...