Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2026/01/06 12:28 a.m.16 views

SUSE CVE-2025-12419

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.8AI score0.0031EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/10 12:0 a.m.4 views

Mattermost Server 10.5.x <= 10.5.12 / 10.11.x <= 10.11.4 / 10.12.x <= 10.12.1 / 11.0.x <= 11.0.3 Improper Authentication (MMSA-2025-00547)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00547 advisory. - Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID...

9.9CVSS7.1AI score0.0031EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/28 8:8 p.m.4 views

CVE-2025-12419

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.7AI score0.0031EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/27 6:41 p.m.2 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. An attacker can gain unauthorized access to another user's account by leveraging a specially crafted email address when switching authentication methods and sending a request to the...

9.9CVSS7AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2025/11/27 6:30 p.m.6 views

GHSA-3X39-62H4-F8J6 Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.6AI score0.0031EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2025/11/27 6:30 p.m.8 views

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication

Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...

9.9CVSS6.7AI score0.0031EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder