Lucene search
K

4 matches found

OSV
OSV
added 2026/05/29 10:57 p.m.9 views

GHSA-W388-2392-PX73 praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspaceid/members/userid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can remove any other member, including the workspace owner, using a single DELETE. There is...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45063

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspace id/members/user id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can remove any other member, including the workspace owner, using a single DELETE...

8.1CVSS5.8AI score0.00041EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 11:27 a.m.4 views

CVE-2026-2458 Unauthorized channel enumeration in private teams after member removal

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 11:27 a.m.13 views

CVE-2026-2458

Mattermost is affected by CVE-2026-2458. Affected versions include 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder