23 matches found
SUSE CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
GHSA-9PJ7-JH2R-87G8 Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
PT-2026-7985
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 Description The software does not properly validate user permissions when creating Jira issues from Mattermost post...
Command Injection
Overview @sunwood-ai-labs/github-kanban-mcp-server is an A Model Context Protocol server for managing GitHub issues as Kanban using gh CLI Affected versions of this package are vulnerable to Command Injection via the createissue parameter. An attacker can execute arbitrary code in the context of...
CVE-2026-0756
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2026-0756 github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw...
GitHub Kanban MCP Server: Operating System Command Injection Vulnerability
GitHub Kanban MCP Server is an application developed by Maki, a personal developer. The GitHub Kanban MCP Server has a vulnerability related to operating system command injection. This vulnerability arises from executing system calls without validating user input when processing the createissue...
CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...
CVE-2022-50351
CVE-2022-50351 affects the Linux kernel CIFS subsystem. The issue stems from leaking an xid in cifs_create() when the CIFS session is shutdown, as the xid is not freed before returning. The vulnerability results in an xid leak (resource exhaustion potential) and has a fixed in the Linux kernel vi...
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. CVE-2024-56582: btrfs: fix use-after-free in btrfsencodedreadendio bsc1235129. CVE-2024-56605:...
SUSE-SU-2025:1238-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002330 fixes one issue. The following security issue was fixed: - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218...
User Picker Custom field HTML tags showing when creating new issues
h3. Summary Customer reported that when creating custom field User Picker and added html tags in description field, text link shows correctly in Custom Field screen under Administration Setting. However when creating new issues, the create issue form for User Picker field shows the HTML code not...