7 matches found
EUVD-2024-34441
Malicious code in bioql PyPI...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from improper access control restrictions and can be exploited by an attacker to cause information disclosure...
GO-2025-3728 Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server
Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server...
GHSA-86JG-35XJ-3VV5 Mattermost fails to properly enforce access control restrictions for System Manager roles
Mattermost versions 10.7.x = 10.7.0, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
CVE-2025-2527 Improper access control to group information
Mattermost versions 10.5.x = 10.5.2, 9.11.x = 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
Mattermost Access Control Error Vulnerability (CNVD-2024-45313)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from a failure to properly query ElasticSearch when searching for a channel name in the channel switcher, which can be exploited...
Mattermost Access Control Error Vulnerability (CNVD-2023-55043)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from not checking the identity of a channel member when accessing a message thread, which can be exploited by an attacker to...