3 matches found
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to insufficient validation of guest user permissions when accessing channel information, which allows an attacker to discover active public channels and their metadata via the...
Mattermost Server 10.5.x < 10.5.11 / 10.11.x < 10.11.3 / 10.12.0 Multiple Vulnerabilities (MMSA-2025-00497, MMSA-2025-00496, MMSA-2025-00516)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2025-00497, MMSA-2025-00496, MMSA-2025-00516 advisories. - Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when...
CVE-2020-14458
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004...