Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-31044

Malicious code in bioql PyPI...

2.7CVSS4.3AI score0.00526EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/16 12:40 p.m.10 views

Improper Input Validation

github.com/mattermost/mattermost-servert is vulnerable to Improper Input Validation. The vulnerability is due to failure to sanitize the team invite ID in the /api/v4/teams/:teamId/restore endpoint, which allows a team admin without invite privileges to obtain the team’s invite ID...

4.3CVSS6.6AI score0.00201EPSS
Exploits0References5Affected Software4
Cvelist
Cvelist
added 2025/08/21 7:31 a.m.33 views

CVE-2025-53971 Channel and Team Membership APIs inadvertently allow loss of Member privileges.

Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint...

3.8CVSS0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.9 views

CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS6.7AI score0.00526EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.18 views

CVE-2023-27266

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS6.7AI score0.00526EPSS
Exploits0References1
OSV
OSV
added 2024/12/16 7:14 a.m.5 views

BIT-MATTERMOST-2024-29221

Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users,...

4.7CVSS4.6AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2023/02/27 3:15 p.m.10 views

CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS7AI score
Exploits0References1
Prion
Prion
added 2023/02/27 3:15 p.m.17 views

Code injection

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

3.3CVSS4AI score0.00526EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/27 2:46 p.m.10 views

CVE-2023-27266 Disclosure of team owner email address when when accessing the teams API

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS3.7AI score0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/27 2:46 p.m.19 views

CVE-2023-27265 Disclosure of team owner email address when regenerating Invite ID

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS4AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/27 12:0 a.m.6 views

PT-2023-21044 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue concerns the failure of Mattermost to honor the ShowEmailAddress setting when responding to the "Regenerate Invite Id" API endpoint. This allows an attacker with team admin...

2.7CVSS3.4AI score0.00526EPSS
Exploits0References6
Rows per page
Query Builder