10 matches found
EUVD-2022-4257
Malicious code in bioql PyPI...
SUSE CVE-2025-3611
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
CVE-2025-3611
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...
CVE-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
BIT-MATTERMOST-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from a failure to properly authorize a request to obtain the AD/LDAP group associated with a team, which could allow an attacker to obtain the details of t...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from a permission validation error that allows an attacker to obtain details of another team via the GET /api/v4/teams//channels/deleted endpoint...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...
CVE-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the updateteam WebSocket event, aka MMSA-2020-0012...