Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-18094

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00186EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1730

Malicious code in bioql PyPI...

5.8CVSS4.8AI score0.0083EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2025/07/04 2:42 p.m.3 views

SUSE CVE-2025-4128

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

4.3CVSS6.7AI score0.00186EPSS
Exploits0References2
Veracode
Veracode
added 2025/06/12 7:2 a.m.4 views

Unauthorized Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Unauthorized Information Disclosure. The vulnerability is due to insufficient restriction of API access, allowing guest users to view information about public teams they are not members of via direct API calls...

4.3CVSS5.7AI score0.00186EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/06/11 5:45 p.m.5 views

GO-2025-3757 Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server

Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server...

4.3CVSS6.7AI score0.00186EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/11 12:30 p.m.32 views

Mattermost allows guest users to view information about public teams they are not members of

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

4.3CVSS6.7AI score0.00186EPSS
Exploits0References5Affected Software2
Snyk
Snyk
added 2025/06/11 12:30 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization over the /api/v4/teams/teamid endpoint. A user can view information about public teams they are not a member of. Remediation Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.14,...

4.3CVSS6.7AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2025/06/11 12:30 p.m.5 views

GHSA-JWHW-XF5V-QGXC Mattermost allows guest users to view information about public teams they are not members of

Mattermost versions 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

3.1CVSS6.7AI score0.00186EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/01/15 3:48 a.m.3 views

SUSE CVE-2025-22449

Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

3.8CVSS6.9AI score0.00268EPSS
Exploits0References4
OSV
OSV
added 2025/01/09 7:15 a.m.3 views

CVE-2025-22449

Mattermost versions 9.11.x = 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public...

3.8CVSS6.8AI score
Exploits0References1
OSV
OSV
added 2024/03/06 11:3 a.m.15 views

BIT-MATTERMOST-2022-1385

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

5.8CVSS4.2AI score0.0083EPSS
Exploits1References3
Veracode
Veracode
added 2022/04/25 5:44 a.m.19 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate the invitations of pending emails when the action is performed from the system console, allowing an attacker to join the workspace and access th...

4.6CVSS4.1AI score0.0083EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2022/04/21 12:0 a.m.9 views

Mattermost Access Control Error Vulnerability (CNVD-2022-31756)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. An Access Control Error vulnerability exists in Mattermost 6.4.x and earlier versions, which stems from an inability to properly invalidate a pending email invitation when executed from the system...

5.8CVSS6.2AI score0.0083EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/19 9:15 p.m.5 views

CVE-2022-1385

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

5.8CVSS5.4AI score0.0083EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/04/19 12:0 a.m.7 views

PT-2022-13846 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.4.x and earlier Description: The issue arises from the failure to properly invalidate pending email invitations when the action is performed from the system console. This allows accidentally invited users to join the...

5.8CVSS6.8AI score0.0083EPSS
Exploits1References10
CNVD
CNVD
added 2020/06/22 12:0 a.m.2 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-41490)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 5.8.0 that stems from the program not following domain name requirements when processing join requests for public teams. An...

5.3CVSS6.6AI score0.00769EPSS
Exploits0References1
Rows per page
Query Builder