15 matches found
CVE-2025-58073
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
CVE-2025-58075
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
Missing Authorization
Overview: github.com/mattermost/mattermost/server/v8/channels/web is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Missing Authorization in the RelayState parameter. An attacker can gain unauthorized access ...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the RelayState parameter. An attacker can gain unauthorized access to any team by manipulating the RelayState parameter during the team join process. Remediation: Upgrade github.com/mattermost/mattermost/server t...
EUVD-2025-34740
Mattermost has a Missing Authorization vulnerability...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the RelayState parameter. An attacker can gain unauthorized access to any team by manipulating the RelayState parameter during the team join process. Remediation: Upgrade...
EUVD-2025-34729
Mattermost has a Missing Authorization vulnerability...
Missing Authorization
Overview: github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Missing Authorization in the RelayState parameter. An attacker can gain unauthorized access to any team by manipulating the RelayState...
CVE-2025-58075
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
CVE-2025-58073
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
CVE-2025-58075
Mattermost CVE-2025-58075 affects versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x
CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify that a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 10.11.x up to and including 10.11.1, 10.10.x up to and including 10.10.2, and 10.5.x up to and including 10.5.10 stems from an unvalidated user's privilege to join a Mattermo...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41174)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.8.1, 4.7.4 and 4.6.3. An attacker can use this vulnerability to obtain the inviteid of a team and then repeatedly ask...