11 matches found
CVE-2024-41162
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
CVE-2024-39777
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
EUVD-2024-2608
Malicious code in bioql PyPI...
BIT-MATTERMOST-2024-41162
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
GO-2024-3092 Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server...
Mattermost allows unsolicited invites to expose access to local channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
GHSA-Q22Q-2RRF-M27P Mattermost allows unsolicited invites to expose access to local channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
CVE-2024-39777
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
CVE-2024-39777 Malicious remote can invite itself to an arbitrary local channel
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
PT-2024-28671 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.9.x through 9.9.0 Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Description: The issue allows malicious remote users to send unsolicited invites,...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable unsolicited invitations to publicize access to a local channel when the shared channel is enabled, which allows a...