Mattermost Fails to Restrict Certain Operations on System Admins

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

CVE-2022-31007

eLabFTW prior to 4.3.0 contains a permission issue where an authenticated administrator within a team can grant themselves system administrator privileges or create a new system administrator account. The vulnerability stems from abuse of administrator permissions and is mitigated in version 4.3....