Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.4 views

SUSE CVE-2026-4265

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

4.3CVSS5.9AI score0.00218EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/16 3:30 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the upload process. An attacker can bypass team-specific file upload restrictions by uploading files in a team where they have permission and reusing the file metadata in a POST request to a different team...

5.3CVSS5.9AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12425

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:20 p.m.6 views

CVE-2026-4265

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

4.3CVSS0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25705

Mattermost fails to validate team-specific upload file permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References9
Rows per page
Query Builder