Lucene search
K

27 matches found

redhatcve
redhatcve
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
osv
osv
added 2026/05/21 9:32 a.m.2 views

GHSA-6CFR-WP44-6QMV Mattermost has an Incorrect Authorization issue

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/21 7:13 a.m.7 views

CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
euvd
euvd
added 2026/05/21 7:13 a.m.11 views

EUVD-2026-31221

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/21 7:13 a.m.6 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/21 7:13 a.m.43 views

CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS0.00152EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.15 views

PT-2026-42404

Name of the Vulnerable Software and Affected Versions Mattermost version 11.5.1 Description An issue exists where the system fails to validate the team-level run create permission against the target team during the creation of a playbook run. This allows an authenticated team member to create run...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References10
snyk
snyk
added 2026/03/16 10:48 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the playbook run API when the runcreate permission is not verified for an empty playbookId. An attacker can initiate unauthorized playbook runs by sending crafted API requests. Remediation Upgrade...

5.3CVSS5.8AI score0.00159EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/16 7:53 p.m.24 views

CVE-2026-26304 Permission Bypass in Playbook Run Creation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS0.00159EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-34458

Malicious code in bioql PyPI...

5.9CVSS5.9AI score0.0023EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19559

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00177EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18758

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.0021EPSS
Exploits0References3
susecve
susecve
added 2025/08/06 2:53 a.m.3 views

SUSE CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6.9AI score0.00177EPSS
Exploits0References2
susecve
susecve
added 2025/08/04 11:26 p.m.3 views

SUSE CVE-2025-3227

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS6.7AI score0.0021EPSS
Exploits0References2
osv
osv
added 2025/07/28 7:57 p.m.7 views

GO-2025-3772 Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server

Mattermost allows unauthorized channel member management through playbook runs in github.com/mattermost/mattermost-server...

4.3CVSS6.2AI score0.0021EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/07/02 5:24 p.m.33 views

CVE-2025-46702

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS7.2AI score0.00177EPSS
Exploits0References1
osv
osv
added 2025/06/30 4:51 p.m.14 views

CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6AI score0.00177EPSS
Exploits0References3
veracode
veracode
added 2025/06/25 4:30 a.m.6 views

Unauthorized Access

github.com/mattermost/mattermost-server is vulnerable to unauthorized access. The vulnerability is due to improper access control caused by a failure to correctly retrieve and validate requestorInfo for guest users, allowing attackers to access playbook runs without proper authorization...

4.3CVSS6.2AI score0.00251EPSS
Exploits0References3Affected Software2
redhatcve
redhatcve
added 2025/06/23 8:40 a.m.6 views

CVE-2025-3227

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS6.9AI score0.0021EPSS
Exploits0References1
github
github
added 2025/06/20 3:30 p.m.9 views

Mattermost allows unauthorized channel member management through playbook runs

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS4.5AI score0.0021EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder