5 matches found
Mattermost Server 9.11.x < 9.11.12 / 10.4.x < 10.4.5 / 10.5.x < 10.5.3 / 10.6.x < 10.6.2 (MMSA-2025-00459)
The version of Mattermost Server installed on the remote host is prior to 9.11.12, 10.4.5, 10.5.3, or 10.6.2. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00459 advisory. - Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail...
CVE-2025-3446
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...
CVE-2025-3446
Summary: Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x
CVE-2025-3446 Members Without Guest Invite Permissions Can Add Guests to Teams
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team...