
30 matches found

Cvelist · added 2026/06/25 6:55 p.m. · 17 views

CVE-2026-2299 Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

CVSS 4.2 · EPSS 0.00119
Exploits 0 · References 1
SUSE CVE · added 2026/03/28 6:28 p.m. · 4 views

SUSE CVE-2026-2458

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels, which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 · AI score 5.9 · EPSS 0.00165
Exploits 0 · References 3
NVD · added 2026/03/16 2:19 p.m. · 3 views

CVE-2026-2458

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate team membership when searching channels, which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

CVSS 4.3 · EPSS 0.00165
Exploits 0 · References 1
CVE · added 2026/03/16 11:27 a.m. · 13 views

CVE-2026-2458

Mattermost is affected by CVE-2026-2458. Affected versions include 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

CVSS 4.3 · AI score 5.8 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB · added 2026/03/11 4:25 p.m. · 1 view

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00176
Exploits 0 · References 2 · Affected Software 1
OSV · added 2026/03/11 4:25 p.m. · 3 views

CVE-2026-30236 OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00176
Exploits 0 · References 3
Positive Technologies · added 2026/03/11 12:00 a.m. · 8 views

PT-2026-24740

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user that was planned in the budget is actually a project member. This exposed the user's default rate if one was set up to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00176
Exploits 0 · References 4
OSV · added 2026/02/16 1:15 p.m. · 5 views

CVE-2025-14350

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions, which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

CVSS 4.3 · AI score 5.5
Exploits 0 · References 1
ATTACKERKB · added 2026/02/16 12:05 p.m. · 3 views

CVE-2025-14350

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions, which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the...

CVSS 4.3 · AI score 5.5 · EPSS 0.00162
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2026/02/16 12:00 a.m. · 5 views

PT-2026-8340

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.9; Mattermost versions 11.1.x through 11.1.2; Mattermost versions 11.2.x through 11.2.1. Description: The software does not properly validate team membership when processing channel mentions. This allows...

CVSS 9.9 · AI score 5.2 · EPSS 0.27661
Exploits 45 · References 113
RedhatCVE · added 2025/11/14 6:02 p.m. · 6 views

CVE-2025-11777

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 4.3 · AI score 6.7 · EPSS 0.00162
Exploits 0 · References 1
Snyk · added 2025/11/13 6:31 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improperly validating team membership permissions in the Add Channel Member API. An attacker can obtain unauthorized access to user metadata and channel membership information from other teams by sending...

CVSS 4.3 · AI score 6.6 · EPSS 0.00162
Exploits 0 · References 2
EUVD · added 2025/11/13 6:31 p.m. · 5 views

EUVD-2025-175343

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 3.1 · AI score 6.1 · EPSS 0.00162
Exploits 0 · References 2
Vulnrichment · added 2025/11/13 5:32 p.m. · 4 views

CVE-2025-11777 Cross-team channel membership access

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint...

CVSS 3.1 · AI score 6.2 · EPSS 0.00162
Exploits 0 · References 1
EUVD · added 2025/10/07 12:30 a.m. · 8 views

EUVD-2020-5595

Malware in sbrugna...

CVSS 4.3 · AI score 4.5 · EPSS 0.00802
Exploits 0 · References 4
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-58777

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00317
Exploits 0 · References 1
EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-44262

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 5 · EPSS 0.00254
Exploits 0 · References 1
Github Security Blog · added 2025/06/30 6:31 p.m. · 224 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...

CVSS 5.4 · AI score 5.9 · EPSS 0.00169
Exploits 0 · References 3 · Affected Software 2
RedhatCVE · added 2025/05/22 4:57 p.m. · 3 views

CVE-2020-13335

Improper group membership validation when deleting a user account in GitLab =7.12 allows a user to delete own account without deleting/transferring their group...

CVSS 4.3 · AI score 6.4 · EPSS 0.00802
Exploits 0
Positive Technologies · added 2024/04/10 12:00 a.m. · 4 views

PT-2024-18409 · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary, affected versions not specified. Description: The issue allows a removed user to change the organization name without proper authorization due to the lack of validation to check if a user is still part of an organization befor...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits 1 · References 9
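The Mattermost, OpenProject, GitLab and Lunary entries above share one defect class: an endpoint scopes its query or action to a container (team, project, group, organization) but never checks that the caller is a current member of that container, so a removed or foreign user can still enumerate or modify what belongs to it. The Go program below is an added example written for this page; it is not code from Mattermost or any other project listed here, and the Store, Channel, searchChannelsVulnerable and searchChannelsHardened names and the sample team, users and channels are constructed for illustration. It puts the vulnerable shape of a channel search next to the hardened one and generalises slightly beyond the advisories: the hardened version also hides private channels from team members who are not members of those channels.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrForbidden is returned whenever the caller is not a current member of the team.
var ErrForbidden = errors.New("forbidden: caller is not a member of this team")

// Channel is a simplified, hypothetical channel record (not Mattermost's type).
type Channel struct {
	ID, TeamID, Name string
	Private          bool
}

// Store is an in-memory stand-in for the database, constructed for this example.
type Store struct {
	channels       []Channel
	teamMembers    map[string]map[string]bool // teamID -> userID -> true
	channelMembers map[string]map[string]bool // channelID -> userID -> true
}

func (s *Store) IsTeamMember(teamID, userID string) bool   { return s.teamMembers[teamID][userID] }
func (s *Store) IsChannelMember(chID, userID string) bool { return s.channelMembers[chID][userID] }
func (s *Store) RemoveTeamMember(teamID, userID string)   { delete(s.teamMembers[teamID], userID) }

// matchChannels is the raw query: team-scoped substring match on the name,
// with no visibility decisions at all. Both handlers below build on it.
func (s *Store) matchChannels(teamID, term string) []Channel {
	var out []Channel
	for _, c := range s.channels {
		if c.TeamID == teamID && strings.Contains(c.Name, term) {
			out = append(out, c)
		}
	}
	return out
}

// searchChannelsVulnerable models the flaw pattern in the advisories: the query
// is scoped to the team, but nobody asks whether the caller still belongs to it,
// so a removed user can keep enumerating the team's public channels.
func searchChannelsVulnerable(s *Store, callerID, teamID, term string) ([]Channel, error) {
	var out []Channel
	for _, c := range s.matchChannels(teamID, term) {
		if !c.Private {
			out = append(out, c)
		}
	}
	return out, nil
}

// searchChannelsHardened makes the authorization decision before touching data:
// a non-member gets ErrForbidden and learns nothing, and a member only sees the
// private channels they are themselves in.
func searchChannelsHardened(s *Store, callerID, teamID, term string) ([]Channel, error) {
	if !s.IsTeamMember(teamID, callerID) {
		return nil, ErrForbidden
	}
	var out []Channel
	for _, c := range s.matchChannels(teamID, term) {
		if !c.Private || s.IsChannelMember(c.ID, callerID) {
			out = append(out, c)
		}
	}
	return out, nil
}

// newSampleStore builds constructed data: private team t1 with members alice and
// bob, one public channel, and one private channel that only alice belongs to.
func newSampleStore() *Store {
	return &Store{
		channels: []Channel{
			{ID: "c1", TeamID: "t1", Name: "general"},
			{ID: "c2", TeamID: "t1", Name: "secret-project", Private: true},
		},
		teamMembers:    map[string]map[string]bool{"t1": {"alice": true, "bob": true}},
		channelMembers: map[string]map[string]bool{"c1": {"alice": true, "bob": true}, "c2": {"alice": true}},
	}
}

func main() {
	s := newSampleStore()
	s.RemoveTeamMember("t1", "bob") // bob is kicked out of the team
	leaked, _ := searchChannelsVulnerable(s, "bob", "t1", "")
	fmt.Printf("vulnerable: removed member still sees %d channel(s)\n", len(leaked))
	_, err := searchChannelsHardened(s, "bob", "t1", "")
	fmt.Println("hardened:", err)
}
```

The membership check runs first and fails closed, before any rows are read, so a removed member receives exactly what a complete stranger receives and the endpoint cannot be used as an oracle for the team's existence or contents. The same shape applies to the other entries above: check that the planned user is a project member before exposing a rate, that the actor is still in the organization before renaming it, and that a group has an owner left before deleting the account that owns it.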