Lucene search
K

25 matches found

Cvelist
Cvelist
added 2026/06/25 6:55 p.m.21 views

CVE-2026-2299 Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41381

OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 3:17 a.m.6 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Discord voice ingress process. An attacker can gain unauthorized access to voice channels by bypassing the channel-level member access allowlist. Remediatio...

5.4CVSS5.9AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 3:30 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

5.3CVSS5.8AI score0.00165EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.13 views

Mattermost Server < 11.0.0 Multiple Vulnerabilities (MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540 advisory. - Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users ...

7.5CVSS5.9AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2025/11/14 8:15 a.m.6 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/14 8:0 a.m.5 views

EUVD-2025-186557

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1CVSS6.3AI score0.00164EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-24342

Malware in sbrugna...

6.5CVSS6.5AI score0.00585EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.12 views

CVE-2024-47145

Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...

4.3CVSS6.8AI score0.00252EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/25 11:57 p.m.5 views

CVE-2025-27571

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS6.3AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/24 12:0 a.m.20 views

Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2025-00436)

The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00436 advisory. - Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly...

4.3CVSS4.8AI score0.0025EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/16 6:31 p.m.13 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS6.3AI score0.0025EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/04/16 5:15 p.m.14 views

CVE-2025-2564

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS0.0025EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/16 9:32 a.m.13 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS6.3AI score0.00239EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 7:45 a.m.6 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS4.7AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 7:45 a.m.17 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 7:45 a.m.203 views

CVE-2025-27571

CVE-2025-27571 affects Mattermost Server versions 9.11.x &lt;= 9.11.9, 10.4.x &lt;= 10.4.3, and 10.5.x

4.3CVSS4.4AI score0.00239EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/04/01 1:56 p.m.9 views

Incorrect Authorization

Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper restriction of command execution due to a flaw that allows authenticated users to run commands in archived channels...

8.8CVSS7.2AI score0.00339EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/21 9:30 a.m.19 views

Mattermost Fails to Restrict Command Execution in Archived Channels

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels...

8.8CVSS7.3AI score0.00339EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder