10 matches found
SUSE CVE-2025-64641
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
GO-2025-4260 Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin in github.com/mattermost/mattermost-server
Mattermost doesn't verify that post actions invoking /share-issue-publicly were created by the Jira plugin in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If...
GHSA-VWW6-79RV-3J4X Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
CVE-2025-64641
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
CVE-2025-64641
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
EUVD-2025-205062
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
CVE-2025-64641 Mattermost Jira plugin crafted action leaks Jira issue details
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...
CVE-2025-64641
Mattermost contains a vulnerability where post actions invoking /share-issue-publicly are not verified to be created by the Jira plugin, enabling a malicious user to exfiltrate Jira tickets when victims interact with affected posts. Affected versions include Mattermost 11.1.x (<=11.1.0), 11.0....
PT-2025-52873
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 Description Mattermost fails to verify that post actions invoking...