3 matches found
Mattermost Server 9.11.x < 9.11.9 / 10.3.x < 10.3.4 / 10.4.x < 10.4.3 (MMSA-2025-00422)
The version of Mattermost Server installed on the remote host is prior to 9.11.9, 10.3.4, or 10.4.3. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00422 advisory. - Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain...
CVE-2025-30179
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
CVE-2025-30179 MFA Enforcement Bypass in Search APIs
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...