Lucene search
K

8 matches found

Snyk
Snyk
added 2026/04/17 3:31 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...

6.9CVSS5.8AI score0.00145EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 3:31 p.m.4 views

EUVD-2026-22915

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 3:31 p.m.8 views

GHSA-MH4X-RMRX-3HP4 Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.6 views

Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.2AI score0.00145EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2026/04/15 12:16 p.m.4 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:0 a.m.4 views

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/15 11:0 a.m.33 views

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

6.5CVSS0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 10.11.12 and earlier of the 10.11.x series, as well as versions 11.5.0 and earlier of the 11.5.x series, 11.4.2 and earlier of the 11.4.x series, and 11.3...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References2
Rows per page
Query Builder