3 matches found
CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
CVE-2025-4128
CVE-2025-4128 affects Mattermost server: vulnerable products are Mattermost versions 10.5.x (up to 10.5.4) and 9.11.x (up to 9.11.13). The issue is an improper access restriction that allows guest users to bypass permissions and view information about public teams they are not members of via dire...
CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...