Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an uncleaned Team Invitation ID, which could lead to the acquisition of a Team Invitation ID.The following versions are affected: 10.8.3 an...

Mattermost Permission Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to access team invitation IDs...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to access team invitation IDs...

coolLabs Coolify Denial of Service Vulnerability

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a denial of service vulnerability that stems from the fact that any authenticated user can revoke any team invitation on an instance by simply providing a predictable incremental ID, whic...

CVE-2024-1888 Existing server guests invited to the team by members without "invite_guest" permission

Mattermost fails to check the "inviteguest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from an inability to check the "inviteguest" permission when inviting people from other teams to join the team. A privileged...

Mattermost Server Information Disclosure Vulnerability (CNVD-2020-52027)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, 4.0.4 and 3.10.3. An attacker can exploit the vulnerability by requesting a JSON document to obtain a team invitation ID...

Mattermost Server Information Disclosure Vulnerability (CNVD-2020-52028)

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 4.1.0, 4.0.4 and 3.10.3. An attacker can exploit the vulnerability to obtain a team invitation ID with the help of a team API...

Infogram: New team invitation functionality allows extend team without upgrade

Privilege escalation vulnerability was found, which allowed to bypass the limitation of team members...

HackerOne: Email Address Leak

Hello, I have found out that when a team invites a team member via username, the email address of the invited user is being disclosed after he accepted it. This can be abused since we all know that the email address is not publicly visible through hackerone profile. One team can abuse its functio...