Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4635

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.4AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 1:30 p.m.2 views

GHSA-PG7C-462J-GRXV Mattermost doesn't archive the channel before removing persistent notifications

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

5.3CVSS5.8AI score0.00172EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/22 1:44 p.m.15 views

Race Condition

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Race Condition in the process responsible for handling persistent notifications due to a failure to archive the channel before removing existing...

7.1CVSS5.8AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:44 p.m.10 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the process responsible for handling persistent notifications due to a failure to archive the channel before removing existing notifications. An attacker can cause the server to crash by timing the creation of a...

7.1CVSS5.8AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/22 10:28 a.m.25 views

CVE-2026-4635 Persistent notification timing attack causing server denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:28 a.m.10 views

CVE-2026-4635

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 10:28 a.m.15 views

CVE-2026-4635 Persistent notification timing attack causing server denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

6.5CVSS5.8AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2024/01/02 9:54 a.m.236 views

CVE-2023-47858

Mattermost server vulnerability CVE-2023-47858: The issue arises from insufficient verification of permissions when viewing archived public channels via GET /api/v4/teams//channels/deleted, allowing a member of one team to retrieve details about archived channels of another team. The advisory dat...

4.3CVSS4.5AI score0.00359EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder