8 matches found
EUVD-2017-1249
Malware in sbrugna...
EUVD-2022-34720
Malicious code in bioql PyPI...
CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission
Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...
CVE-2023-32677 Users who can send invitations can erroneously add users to streams during invitation in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite ...
CVE-2022-1385 Invitation Email is resent as a Reminder after invalidating pending email invites
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
CVE-2022-1002 HTML Injection while inviting Guests
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...
openSUSE Security Update : mailman (openSUSE-2019-495)
This update for mailman to version 2.1.27 fixes the following issues : This security issue was fixed : - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed : - The hash generated when...
Shopify: Invitation issue
Only the the store owner is allowed to create new staff members, but staff members with full access can take over other invited staff members' accounts using the invitation link that was available in Settings - Account page. To resolve this, we changed the display of the Account page so only the...