2 matches found
CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...
PT-2022-24804 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue allows attackers to specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them ...