30 matches found
PT-2026-32417
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
UBUNTU-CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
PT-2026-31547
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description A flaw existed in GitLab CE/EE where an authenticated user with custom role permissions could potentially demote or remove higher-privileged...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of permission requirements in the team member roles API endpoint. An attacker can gain...
CVE-2026-26230
A permissions validation flaw has been discovered in mattermost server. Affected versions fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mitigation Mitigation for this issue is either not...
CVE-2026-26230
Mattermost: Affected software is Mattermost 10.11.x up to 10.11.10. The issue arises from improper validation of permission requirements in the team member roles API endpoint, enabling a team administrator to demote members to the guest role. Root cause is insufficient permission checks in that e...
CVE-2026-26230
Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...
CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest
Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...
CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest
Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...
CVE-2025-12641 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
CVE-2023-50333
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names...
EUVD-2025-25413
Malicious code in bioql PyPI...
EUVD-2024-1107
Malicious code in bioql PyPI...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of authorization for team scheme role modifications, which allows an attacker Team Admins to demote Team Members to Guests via the affected API endpoint...
Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.10.0 Incorrect Authorization (MMSA-2025-00485)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00485 advisory. - Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins t...
CVE-2025-53971
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...
Mattermost Fails to Properly Validate Team Role Modification
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...
GHSA-4276-CM8C-788H Mattermost Fails to Properly Validate Team Role Modification
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...
CVE-2025-53971
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...