Lucene search
K

50 matches found

OSV
OSV
added 2026/05/18 9:31 a.m.22 views

GHSA-XVCX-MGPC-5XH3 Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/18 8:5 a.m.18 views

EUVD-2026-30749

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 8:29 p.m.45 views

CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3CVSS0.00204EPSS
Exploits1References1
Veracode
Veracode
added 2026/05/08 8:6 a.m.17 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...

4.3CVSS7.2AI score0.00162EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2026/04/10 12:0 a.m.5 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17255)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...

4.3CVSS5.7AI score0.00201EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

Discourse 信息泄露漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that stems from the possibility of inferring the identity of a channel...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.8 views

CVE-2025-1792

Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint...

3.1CVSS6.6AI score0.00205EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/06 12:28 a.m.8 views

SUSE CVE-2025-11777

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00162EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/12 12:25 a.m.4 views

SUSE CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/26 10:55 p.m.5 views

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 6:12 p.m.7 views

GO-2025-4133 Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server

Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

3.5CVSS6.6AI score0.00148EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

Mattermost Server 10.5.x < 10.5.12 / 10.11.x 10.11.4 / 11.0.0 Missing Authorization (MMSA-2025-00518)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00518 advisory. - Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows...

4.3CVSS7.3AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 6:32 p.m.6 views

EUVD-2025-198045

Mattermost allows other users to determine when users had read channels via channel member objects...

3CVSS6.3AI score0.00148EPSS
Exploits0References7
OSV
OSV
added 2025/11/18 6:32 p.m.6 views

GHSA-9HH7-6558-QFP2 Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS6.4AI score0.00148EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/11/18 6:32 p.m.15 views

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References8Affected Software2
Vulnrichment
Vulnrichment
added 2025/11/18 3:23 p.m.2 views

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS6.4AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 3:23 p.m.20 views

CVE-2025-55074

Mattermost server (versions 10.11.x &lt;= 10.11.3 and 10.5.x

3.5CVSS6.4AI score0.00148EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.12 views

PT-2025-47329

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Description The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when user...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/11/14 6:2 p.m.7 views

CVE-2025-11777

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

4.3CVSS6.7AI score0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/13 6:31 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to properly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

4.3CVSS6.6AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder