4 matches found
CVE-2025-47930
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
PT-2025-21585 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions 10.0 through 10.2 Description: The issue concerns the "Who can create public channels" access control mechanism in Zulip, which can be circumvented by creating a private or web-public channel and then changing the channel priva...
CVE-2024-1942
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...
Vimeo: CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.
Hello, This time I found a IDORInsecure Direct Object Reference vulnerability. It allows an attacker to get unauthorized access to Videos of Channel whose privacy is set to Only moderators and people I choose without being a member. In simple words, we can access videos of private channel without...