Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/06/25 6:55 p.m.23 views

CVE-2026-2299 Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint

The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...

4.2CVSS0.00119EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/18 12:0 a.m.12 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/21 8:22 a.m.7 views

CVE-2025-27715 Auto-Enrollment of Team Admins into Private Channels without explicit consent

Mattermost versions 9.11.x = 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them...

3.3CVSS6.9AI score0.00201EPSS
Exploits0References1
nessus
nessus
added 2024/12/05 12:0 a.m.16 views

Mattermost Server 9.5.x < 9.5.10, 9.10.x < 9.10.3, 9.11.x < 9.11.2, 10.0.x < 10.0.1, 10.1.0 (MMSA-2024-00381)

The version of Mattermost Server installed on the remote host is prior to 9.5.10, 9.10.3, 9.11.2, 10.0.1 or 10.1.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00381 advisory. - Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 and 10.0.x = 10.0....

4.3CVSS5.6AI score0.00279EPSS
Exploits0References2
Rows per page
Query Builder