5 matches found
CVE-2026-42185
People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user including users with no current domain access to the...
EUVD-2024-2499
Malicious code in bioql PyPI...
CVE-2024-8071
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-8071
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-8071
CVE-2024-8071 affects Mattermost Server versions 9.9.x ≤ 9.9.1, 9.5.x ≤ 9.5.7, 9.10.x ≤ 9.10.0, and 9.8.x ≤ 9.8.2. The issue is a failure to restrict which roles can promote a user to system admin, allowing a System Role with edit access to the permissions section of the system console to update ...