4 matches found
CVE-2026-2299 Improper Access Control in Mattermost Google Drive Plugin File Creation Endpoint
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...
CVE-2025-27715 Auto-Enrollment of Team Admins into Private Channels without explicit consent
Mattermost versions 9.11.x = 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them...
Mattermost Server 9.5.x < 9.5.10, 9.10.x < 9.10.3, 9.11.x < 9.11.2, 10.0.x < 10.0.1, 10.1.0 (MMSA-2024-00381)
The version of Mattermost Server installed on the remote host is prior to 9.5.10, 9.10.3, 9.11.2, 10.0.1 or 10.1.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00381 advisory. - Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 and 10.0.x = 10.0....