Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/07/02 5:24 p.m.33 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.2AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2025/06/30 5:15 p.m.13 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6.2AI score
Exploits0References1
Hacker One
Hacker One
added 2025/04/20 6:56 p.m.1260 views

Dust: Unauthorized Table Creation by Member

A member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders admins should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully crea...

6.9AI score
Exploits0
OSV
OSV
added 2024/03/06 11:22 a.m.20 views

BIT-GITLAB-2020-13320

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard...

6.5CVSS6AI score0.01038EPSS
Exploits1References3
OSV
OSV
added 2023/11/29 5:15 p.m.5 views

CVE-2023-6218

In Progress MOVEit Transfer versions released before 2022.0.9 14.0.9, 2022.1.10 14.1.10, 2023.0.7 15.0.7, a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an...

7.2CVSS5.7AI score0.00696EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/09/03 7:19 p.m.41 views

CVE-2020-14388

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission...

6.3CVSS2.5AI score0.00598EPSS
Exploits0References3
Hacker One
Hacker One
added 2015/12/19 3:6 p.m.16 views

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

6.8AI score
Exploits0
Rows per page
Query Builder