Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.5 views

PT-2024-33253 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.12 Mattermost versions 9.11.x through 9.11.4 Mattermost versions 10.0.x through 10.0.2 Mattermost versions 10.1.x through 10.1.2 Description: The issue allows an attacker to bypass the "Max failed attempt...

9.3CVSS6AI score0.00856EPSS
Exploits0References19
Cvelist
Cvelist
added 2024/11/09 5:17 p.m.25 views

CVE-2024-42000 Unauthorized Access to view channels' details

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 and 10.0.x = 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that...

2.7CVSS0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.11 views

PT-2024-16133 · Mattermost +2 · Mattermost +2

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Description: The issue arises when ElasticSearch is enabled, and Mattermost fails to properly filter channel data. This allows a user to obtain private channel names by using the cmd+K/ctrl+K shortcut...

9.9CVSS6.2AI score0.97781EPSS
Exploits21References140
Vulnrichment
Vulnrichment
added 2024/08/01 2:5 p.m.13 views

CVE-2024-39777 Malicious remote can invite itself to an arbitrary local channel

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...

8.7CVSS6.7AI score0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/26 12:0 a.m.6 views

PT-2024-24246 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Description: The issue is related to improper authorization checks. This allows a member running a playbook in an existin...

4.3CVSS7AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder