13 matches found
SUSE CVE-2025-2475
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials...
Authentication Bypass
github.com/mattermost/mattermost-server is vulnerable to a Authentication Bypass. The vulnerability is due to inadequate cache management during the user-to-bot conversion process, which allows an attacker to log in to the bot once using the original user credentials by bypassing normal...
CVE-2025-2475
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials...
SUSE CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
GO-2025-3482 Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server
Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server...
Session Fixation
github.com/mattermost/mattermost-server is vulnerable to Session Fixation. The vulnerability is due to improper session invalidation when converting a user to a bot, allows the user to retain their previous session and potentially escalate privileges based on the bot’s assigned permissions...
Mattermost fails to invalidate all active sessions when converting a user to a bot
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
GHSA-RHVR-6W8C-6V7W Mattermost fails to invalidate all active sessions when converting a user to a bot
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412 Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412 Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
CVE-2025-1412 affects Mattermost Server 9.11.x (up to 9.11.6) and 10.4.x (up to 10.4.1). The issue: when converting a user to a bot, active sessions are not invalidated, enabling the converted user to escalate privileges depending on the bot’s granted permissions. Documented impact: potential pri...