Improper Access Control
Mattermost is vulnerable to improper access control. The vulnerability is due to insufficient sanitization and access restrictions on team email addresses, which allows an authenticated user to exploit the GET /api/v4/channels/channelid/commonteams endpoint to view sensitive team email informatio...
SUSE CVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
CVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
EUVD-2025-199831
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the GET /api/v4/channels/channelid/commonteams endpoint. An attacker can access team email addresses intended to be visible only to Team Admins by making authenticated requests to this endpoint. Remediation...
CVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
CVE-2025-12559
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
CVE-2025-12559 Information Disclosure in Common Teams API
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...
CVE-2025-12559
Mattermost suffers an information-disclosure vulnerability CVE-2025-12559 where certain versions are not sanitizing team email addresses. Affected: Mattermost Server 11.0.x <= 11.0.2; 10.12.x <= 10.12.1; 10.11.x <= 10.11.4; 10.5.x