11 matches found
SUSE CVE-2025-4128
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
Mattermost Improper Access Restriction Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access restriction vulnerability. The vulnerability arises due to improperly set API access rights. An attacker could use this vulnerability to gain unauthorized...
CVE-2025-4128
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization over the /api/v4/teams/teamid endpoint. A user can view information about public teams they are not a member of. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.14,...
CVE-2025-4128
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
CVE-2025-4128
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability
Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...
Unauthorized Access
github.com/mattermost/mattermost is vulnerable to Unauthorized Access. The vulnerability is due to non-members receiving broadcasted team details via the updateteam WebSocket event, which allows an attacker to gain unauthorized access to sensitive team information...
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability...
Dropbox: User has Sender permission can Get Team information
A security researcher was able to leverage a user with a sender role to view all team information by issuing a crafted POST request to portal.helloworks.com/editteam which provided information disclosure team's primary contact, whereas accessing the URL is forbidden based on the sender role. The...
otopholder18.txt
vendor: http://www.jakeo.com vuln : http://host/foto/index.php?path=../../etc/passwd http://host/foto/index.php?path=xss http://host/foto/index.php?path=../../directory listing Author : Vampire Homepage : Www.HackerZ.iR Www.H4ckerZ.Com Iran HackerZ Security Team...