12 matches found

RedhatCVE
added 2026/03/26 7:39 p.m., 2 views

CVE-2026-3115

A flaw was found in Mattermost. Authenticated guest users can exploit this vulnerability by retrieving group member IDs through the group retrieval endpoint. This failure to apply view restrictions allows them to enumerate user IDs that are outside their permitted visibility scope, leading to...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 2

Snyk
added 2026/03/26 6:35 p.m., 2 views

Incorrect Authorization

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization via the group retrieval endpoint. An attacker can enumerate user IDs outside their allowed visibility scope by sending...

CVSS 5.3, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 2

Github Security Blog
added 2026/03/26 6:31 p.m., 4 views

Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/26 6:31 p.m., 3 views

GHSA-MPC7-MM28-F6WQ Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 3

NVD
added 2026/03/26 5:16 p.m., 2 views

CVE-2026-3115

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/26 4:23 p.m., 1 views

CVE-2026-3115

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/26 4:23 p.m., 9 views

CVE-2026-3115

Mattermost fixes for CVE-2026-3115 affect this product family: versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, and 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs. This allows authenticated guest users to enumerate user IDs outside their visibility ...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/03/26 4:23 p.m., 19 views

CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 1

Positive Technologies
added 2026/03/26 12:0 a.m., 3 views

PT-2026-28424

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.10; Mattermost versions 11.2.x through 11.2.2; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The application fails to enforce view restrictions when...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 4

Tenable Nessus
added 2010/07/01 12:0 a.m., 25 views

Fedora 13 : glpi-0.72.4-2.svn11035.fc13 (2010-5068)

This version corrects several bugs. Full upstream changelog: Bug 1893: Unable to access to the model of phones dictionary; Bug 1904: Vlan not add using Template; Bug 1906: Message-ID should not use $_SERVER['HTTP_HOST']; Bug 1918: configured list_limit_max not honoured; Bug 1941: Disconnecting a port...

AI score 5.5
Exploits: 0, References: 2

Tenable Nessus
added 2010/07/01 12:0 a.m., 13 views

Fedora 12 : glpi-0.72.4-2.svn11035.fc12 (2010-5106)

This version corrects several bugs. Full upstream changelog: Bug 1893: Unable to access to the model of phones dictionary; Bug 1904: Vlan not add using Template; Bug 1906: Message-ID should not use $_SERVER['HTTP_HOST']; Bug 1918: configured list_limit_max not honoured; Bug 1941: Disconnecting a port...

AI score 5.5
Exploits: 0, References: 2

RedHat Linux
added 2008/05/20 2:16 p.m., 23 views

Low: Red Hat Security Advisory: nss_ldap security and bug fix update

An updated nss_ldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a plug-in which allows...

CVSS 4.3, AI score 5.8, EPSS 0.01591
Exploits: 1, References: 5