3 matches found
Missing Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization in the invite ID validation process. An attacker can gain unauthorized access to create accounts by using leaked invite IDs...
GHSA-FX49-M253-27JJ Mattermost fails to filter invite IDs based on user permissions
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation. Mattermost Advisory ID:...
PT-2026-25679
Mattermost fails to filter invite IDs based on user permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...