6 matches found
CVE-2025-1472
Mattermost versions 9.11.x = 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...
CVE-2025-1472
creationtimestamp| type| source ---|---|--- 2025-03-19 18:43:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtnbtwmc2s 2025-03-19 18:49:35+00:00| seen| https://t.me/cvedetector/20656...
CVE-2025-1472
Mattermost versions 9.11.x = 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...
CVE-2025-1472 Unauthorized View Access to Site Statistics and Team Statistics
Mattermost versions 9.11.x = 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...
CVE-2025-1472 Unauthorized View Access to Site Statistics and Team Statistics
Mattermost versions 9.11.x = 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics...
CVE-2025-1472
CVE-2025-1472 corresponds to Mattermost where versions 9.11.x up to 9.11.8 suffer from an authorization flaw in the Viewer role (configured with No Access to Reporting) that allows viewing team/site statistics. The CVE entry indicates a CVSSv3.1 base score of 4.3 (Medium) with Network attack vect...