16 matches found
EUVD-2025-18094
Malicious code in bioql PyPI...
EUVD-2022-1730
Malicious code in bioql PyPI...
SUSE CVE-2025-4128
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
Unauthorized Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...
GO-2025-3757 Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server
Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server...
Mattermost allows guest users to view information about public teams they are not members of
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization over the /api/v4/teams/teamid endpoint. A user can view information about public teams they are not a member of. Remediation Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.14,...
GHSA-JWHW-XF5V-QGXC Mattermost allows guest users to view information about public teams they are not members of
Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
SUSE CVE-2025-22449
Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...
CVE-2025-22449
Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...
BIT-MATTERMOST-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate the invitations of pending emails when the action is performed from the system console, allowing an attacker to join the workspace and access th...
Mattermost Access Control Error Vulnerability (CNVD-2022-31756)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...
CVE-2022-1385
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...
PT-2022-13846 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue arises from the failure to properly invalidate pending email invitations when the action is performed from the system console. This allows accidentally invited users to join the...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41490)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 5.8.0 that stems from the program not following domain name requirements when processing join requests for public teams. An...