3 matches found
Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...
CVE-2026-27656
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...
PT-2026-27989
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier, 11.3.1 and earlier, 11.2.3 and earlier, 10.11.11 and earlier Description The software does not properly validate user identity within the OpenID IsSameUser comparison logic. This flaw, stemming from over...