Lucene search
K

5 matches found

Veracode
Veracode
added 2025/12/05 9:8 a.m.7 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to improper access control. The vulnerability is due to Mattermost failing to verify whether a user has permission to join a team when using the original invite token, which allows an attacker to manipulate the OAuth state and join any team on...

8.1CVSS6.5AI score0.00379EPSS
Exploits0References5Affected Software2
SUSE CVE
SUSE CVE
added 2025/11/09 12:24 a.m.4 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/16 9:30 a.m.6 views

Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2025/10/16 9:30 a.m.6 views

GHSA-6Q7M-P8CC-998R Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.9AI score0.00379EPSS
Exploits0References6
OSV
OSV
added 2025/10/16 9:30 a.m.10 views

GHSA-R6QJ-894F-5HR2 Mattermost has a Missing Authorization vulnerability

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS
Exploits0References6
Rows per page
Query Builder