16 matches found
Operation on a Resource after Expiration or Release
Overview mattermost-redux is a Common code API client, Redux stores, logic, utility functions for building a Mattermost client Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the permalink preview process. An attacker can access private...
CVE-2026-1629
A missing cache invalidation flaw has been discovered in mattermost server. Affected versions fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...
EUVD-2026-12516
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629
Mattermost CVE-2026-1629 affects Mattermost 10.11.x up to 10.11.10. The issue arises from not invalidating cached permalink preview data when a user loses channel access, allowing continued viewing of private channel content via previously cached previews until cache reset or relogin. The CVSSv3....
CVE-2026-1629
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
PT-2026-25812
Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
EUVD-2023-2991
Malicious code in bioql PyPI...
Code injection
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
CVE-2023-43754 Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to check whether the "Allow users to view archived channels" setting is enabled during permalink preview display, allowing...
PT-2023-28966 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to check if the "Allow users to view archived channels" setting is enabled when displaying permalink previews. This oversight allows members to...