Lucene search
K

4 matches found

OSV
OSV
added 2025/08/21 9:30 a.m.6 views

GHSA-4276-CM8C-788H Mattermost Fails to Properly Validate Team Role Modification

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS7.1AI score0.00189EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/21 7:31 a.m.34 views

CVE-2025-53971 Channel and Team Membership APIs inadvertently allow loss of Member privileges.

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS0.00189EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 7:31 a.m.4 views

CVE-2025-53971 Channel and Team Membership APIs inadvertently allow loss of Member privileges.

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS5.9AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2025/08/21 7:31 a.m.111 views

CVE-2025-53971

Mattermost Server vulnerability CVE-2025-53971 affects versions 10.5.x ≤ 10.5.8 and 9.11.x ≤ 9.11.17. The issue arises from improper authorization validation for team scheme role modifications, allowing Team Admins to demote Team Members to Guests via PUT /api/v4/teams/{team-id}/members/{user-id}...

3.8CVSS7.1AI score0.00189EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder