Lucene search
K

9 matches found

Snyk
Snyk
added 2026/03/16 3:30 p.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process. An attacker can change another user's account password without confirmation by falsely...

3.5CVSS5.8AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 3:30 p.m.3 views

Memory Allocation with Excessive Size Value

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the integration action endpoints. An attacker can exhaust server memory and disrupt service...

5.9CVSS5.8AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/27 6:41 p.m.2 views

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm. An attacker can gain unauthorized access to another user's account by leveraging a specially crafted email address when switching authentication methods and sending a request to the...

9.9CVSS7AI score0.0031EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/14 9:30 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/teams/teamid/channels/searcharchived endpoint. An attacker can access information about archived public channels by sending crafted requests as a guest user. Remediation Upgrade...

5.3CVSS6.6AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/21 9:30 a.m.3 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles endpoint. An attacker can modify team member roles without...

5.1CVSS7AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/15 6:31 p.m.1 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization due to the improper verification of user permissions when accessing groups. An attacker can view unauthorized group...

5.3CVSS6.7AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/22 4:56 p.m.1 views

Exposure of Sensitive Information Through Metadata

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata when executing the UpdateChannelBookmark function, due to improper handling of user permissions...

4.3CVSS6.8AI score0.00225EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/14 9:30 a.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properties of admin accounts. Remediation Upgrade...

5.1CVSS6.8AI score0.00216EPSS
Exploits0References2
Rows per page
Query Builder