19 matches found
GO-2026-4735 Mattermost fails to filter invite IDs based on user permissions in github.com/mattermost/mattermost-server
Mattermost fails to filter invite IDs based on user permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Mattermost fails to filter invite IDs based on user permissions
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation. Mattermost Advisory ID:...
CVE-2026-2463
CVE-2026-2463 affects Mattermost up to versions 11.3.0, 11.2.2, and 10.11.10. The issue arises because invite IDs are not properly filtered by user permissions during team creation, allowing regular users to bypass access controls and register unauthorized accounts via leaked invite IDs. The vuln...
CVE-2026-2463 Unauthorized access to invite ID during team creation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID:...
CVE-2026-2463 Unauthorized access to invite ID during team creation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID:...
CVE-2017-18902
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
SUSE CVE-2017-18902
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
EUVD-2019-11405
Malware in sbrugna...
CVE-2025-3913
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
Mattermost Server 安全漏洞
Mattermost Server is an open source messaging platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost Server versions prior to 9.5.2, prior to 9.4.4, prior to 9.3.3, and prior to 8.1.11, which stems from a lack of proper access control in /api/v4/, where...
GHSA-JWFV-5HWQ-F97R Mattermost Server exposes team invite IDs through API endpoints
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
Mattermost Server exposes team invite IDs through API endpoints
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
CVE-2017-18902
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
Code injection
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
Code injection
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated...