10 matches found

NVD
added 2026/06/12 5:16 p.m. · 12 views

CVE-2026-6689

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding...

CVSS 4.3 · EPSS 0.00152
Exploits: 0 · References: 1
EUVD
added 2026/06/12 3:51 p.m. · 10 views

EUVD-2026-36501

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding...

CVSS 4.3 · AI score 5.3 · EPSS 0.00152
Exploits: 0 · References: 1
Vulnrichment
added 2026/06/12 3:51 p.m. · 11 views

CVE-2026-6689 Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding...

CVSS 4.3 · AI score 5.3 · EPSS 0.00152
Exploits: 0 · References: 1
CVE
added 2026/06/12 3:51 p.m. · 17 views

CVE-2026-6689

Mattermost vulnerable versions: 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x

CVSS 4.3 · AI score 5.3 · EPSS 0.00152
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2026/06/12 3:51 p.m. · 27 views

CVE-2026-6689 Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), which allows an authenticated user holding...

CVSS 4.3 · EPSS 0.00152
Exploits: 0 · References: 1
Positive Technologies
added 2026/06/12 12:0 a.m. · 17 views

PT-2026-48937

Name of the Vulnerable Software and Affected Versions: Mattermost versions 11.6.0 through 11.6.1; Mattermost versions 11.5.0 through 11.5.4; Mattermost versions 10.11.0 through 10.11.16. Description: An issue exists where the system fails to enforce the PermissionInviteUser check when setting...

CVSS 4.3 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 4
Snyk
added 2026/02/16 1:3 p.m. · 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the allowopeninvite field. An attacker can gain unauthorized access to restricted team invitation functionality by sending crafted API requests. Remediation: Upgrade...

CVSS 5.1 · AI score 5.6 · EPSS 0.00157
Exploits: 0 · References: 2
Cvelist
added 2026/02/16 12:25 p.m. · 27 views

CVE-2025-14573 Team Admin Bypass of Invite Permissions via allow_open_invite Field

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

CVSS 3.8 · EPSS 0.00157
Exploits: 0 · References: 1
CVE
added 2026/02/16 12:25 p.m. · 24 views

CVE-2025-14573

Mattermost advisory MMSA-2025-00561 describes a vulnerability in Mattermost versions 10.11.x ≤ 10.11.9 where invite permissions are not enforced when updating team settings. This allows team administrators lacking proper permissions to bypass restrictions and add users to their team via API reque...

CVSS 3.8 · AI score 5.5 · EPSS 0.00157
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/01/09 12:0 a.m. · 10 views

PT-2025-4490 · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.0 through 9.11.5 Description: The issue is related to the failure of Mattermost to enforce invite permissions. This allows team admins, who do not have permission to invite users to their team, to invite users by maki...

CVSS 8.9 · AI score 6.3 · EPSS 0.0104
Exploits: 2 · References: 90