Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.1 views

SUSE CVE-2025-27538

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

2.7CVSS6.8AI score0.00196EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/16 9:32 a.m.2 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function over the PUT /api/v4/users/user-id/mfa endpoint. This allows a user with editotherusers permission to activate or deactivate multi-factor authentication for other users. Remediation Upgrade...

2.7CVSS4.1AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2025/04/16 8:15 a.m.2 views

CVE-2025-27538

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

2.7CVSS6.8AI score
Exploits0References1
Snyk
Snyk
added 2025/04/14 9:30 a.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properti...

5.1CVSS6.8AI score0.00216EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/14 9:30 a.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properties of admin accounts. Remediation Upgrade...

5.1CVSS6.8AI score0.00216EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/13 1:50 a.m.19 views

Showdoc Unauthenticated Access

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...

4.3CVSS6.9AI score0.0126EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2017/10/10 12:0 a.m.4 views

Kanboard Design Vulnerability (CNVD-2017-30948)

Kanboard is a French software developer Frederic Guillot developed a set of open source visualization task board software. The software supports customization of the panel according to the business, task dragging and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...

4.3CVSS4.8AI score0.01191EPSS
Exploits0References1
Rows per page
Query Builder