4 matches found
Sensitive Information Exposure
github.com/mattermost/mattermost-server is vulnerable to sensitive information exposure. The vulnerability is due to improper sanitization of user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
CVE-2025-11794
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint
Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...
PT-2025-46949
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0 Description The software does not properly sanitize user data, potentially allowing system administrators to...