Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5163

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.5AI score0.00205EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 11:47 a.m.13 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and direct messages by sending a crafted request. Remediation Upgrade...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 11:47 a.m.8 views

Missing Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.12 views

Mattermost doesn't verify channel membership when processing AI-assisted message rewrites

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/18 9:31 a.m.7 views

GHSA-8R89-8W26-CQ32 Mattermost doesn't verify channel membership when processing AI-assisted message rewrites

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References4
NVD
NVD
added 2026/05/18 9:16 a.m.12 views

CVE-2026-5163

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:11 a.m.7 views

CVE-2026-5163

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder