Lucene search
K

4 matches found

Veracode
Veracode
added 2026/04/20 6:40 a.m.7 views

Sensitive Information Exposure

github.com/mattermost/mattermost-server is vulnerable to sensitive information exposure. The vulnerability is due to improper sanitization of user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS5.8AI score0.00249EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2025/11/14 11:15 a.m.21 views

CVE-2025-11794

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 10:45 a.m.6 views

CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS6AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.7 views

PT-2025-46949

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 Description The software does not properly sanitize user data, potentially allowing system administrators to...

4.9CVSS6.8AI score0.00249EPSS
Exploits0References15
Rows per page
Query Builder