Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32417

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

2.7CVSS5.8AI score0.00348EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/08 11:17 p.m.6 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

2.7CVSS5.8AI score0.00348EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2025-25413

Malicious code in bioql PyPI...

3.8CVSS6.3AI score0.00189EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/16 11:34 a.m.6 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of authorization for team scheme role modifications, which allows an attacker Team Admins to demote Team Members to Guests via the affected API endpoint...

3.8CVSS6.7AI score0.00189EPSS
Exploits0References5Affected Software4
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.3 views

Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.10.0 Incorrect Authorization (MMSA-2025-00485)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00485 advisory. - Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins t...

3.8CVSS5.5AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/23 8:9 a.m.10 views

CVE-2025-53971

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS7.2AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 9:30 a.m.6 views

GHSA-4276-CM8C-788H Mattermost Fails to Properly Validate Team Role Modification

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS7.1AI score0.00189EPSS
Exploits0References4
NVD
NVD
added 2025/08/21 8:15 a.m.32 views

CVE-2025-53971

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 7:31 a.m.34 views

CVE-2025-53971 Channel and Team Membership APIs inadvertently allow loss of Member privileges.

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2025/08/21 7:31 a.m.115 views

CVE-2025-53971

Mattermost Server vulnerability CVE-2025-53971 affects versions 10.5.x ≤ 10.5.8 and 9.11.x ≤ 9.11.17. The issue arises from improper authorization validation for team scheme role modifications, allowing Team Admins to demote Team Members to Guests via PUT /api/v4/teams/{team-id}/members/{user-id}...

3.8CVSS7.1AI score0.00189EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder