7 matches found
SUSE CVE-2025-27538
Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function over the PUT /api/v4/users/user-id/mfa endpoint. This allows a user with editotherusers permission to activate or deactivate multi-factor authentication for other users. Remediation Upgrade...
CVE-2025-27538
Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properti...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properties of admin accounts. Remediation Upgrade...
Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
Kanboard Design Vulnerability (CNVD-2017-30948)
Kanboard is a French software developer Frederic Guillot developed a set of open source visualization task board software. The software supports customization of the panel according to the business, task dragging and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...