5 matches found
EUVD-2025-25420
Malicious code in bioql PyPI...
GHSA-QJ47-W9F2-QG44 Mattermost Does Not Sanitize the Team Invite ID
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...
CVE-2025-47870
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...
CVE-2025-47870
Mattermost Server contains a vulnerability where the team invite ID is not sanitized in the POST /api/v4/teams/:teamId/restore endpoint. Affected versions include Mattermost Server 9.11.x <= 9.11.17, 10.5.x <= 10.5.8, 10.8.x <= 10.8.3, and 10.9.x
GHSA-C253-8HR4-R8V9 Mattermost Server exposes private team invite ID
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...