3 matches found
Mattermost Server 9.10.x < 9.10.1 / 9.5.x < 9.5.8 (MMSA-2024-00352)
The version of Mattermost Server installed on the remote host is 9.5.x prior to 9.5.8 or 9.10.0 prior to 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00352 advisory. - Mattermost versions 9.5.x = 9.5.7, 9.10.x = 9.10.0 fail to properly enforce permissions...
CVE-2024-40884 Unauthorized disabling of invite URL
Mattermost versions 9.5.x = 9.5.7, 9.10.x = 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL...
CVE-2024-40884
Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...