24 matches found
SUSE CVE-2026-20796
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...
CVE-2026-20796
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition in the /commonteams API endpoint. An attacker can gain unauthorized access to team names by exploiting the timing of channel membership validation during data retrieva...
GHSA-2XF7-HMF6-P64J Mattermost doesn't properly validate channel membership at the time of data retrieval
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...
CVE-2026-20796
Mattermost CVE-2026-20796 affects version 10.11.x up to 10.11.9, due to improper validation of channel membership at data retrieval. A race condition in the /common_teams API endpoint can allow a deactivated user to learn team names they should not access. Root cause: insufficient validation duri...
CVE-2026-20796 Time-of-check time-of-use vulnerability in common teams API
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...
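The entries above describe the bug shape without showing it. The following Go program is an added example, not Mattermost's code: it models a "common teams" handler whose authorization check (is the requester still active?) and data read run in separate critical sections, so a deactivation that lands in the gap is not seen by the read, next to a version that evaluates the check inside the same critical section as the read. The store, user and team identifiers are constructed for the example; the `between`/`racing` hook stands in for the competing request so the race is deterministic.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"sync"
)

// Constructed in-memory state standing in for the server's user and team
// tables. Type and field names are assumptions for this example, not
// Mattermost's own.
type store struct {
	mu          sync.Mutex
	active      map[string]bool            // userID -> account still active?
	memberships map[string]map[string]bool // userID -> set of teamIDs
	teamNames   map[string]string          // teamID -> display name
}

var errForbidden = errors.New("forbidden: requester is not an active user")

func newStore() *store {
	return &store{
		active: map[string]bool{"alice": true, "bob": true},
		memberships: map[string]map[string]bool{
			"alice": {"t1": true, "t2": true},
			"bob":   {"t1": true, "t3": true},
		},
		teamNames: map[string]string{"t1": "Core", "t2": "Finance", "t3": "Legal"},
	}
}

// deactivate flips the account flag only; membership rows are left in place,
// which is what makes a stale authorization check dangerous.
func (s *store) deactivate(userID string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.active[userID] = false
}

// commonTeamsLocked returns the display names of teams both users belong to.
// The caller must hold s.mu.
func commonTeamsLocked(s *store, a, b string) []string {
	var names []string
	for teamID := range s.memberships[a] {
		if s.memberships[b][teamID] {
			names = append(names, s.teamNames[teamID])
		}
	}
	sort.Strings(names)
	return names
}

// commonTeamsVulnerable is the check-then-use shape: the authorization check
// and the data read are separate critical sections. `between` stands in for
// work that lands in the gap (here, an admin deactivating the requester).
func commonTeamsVulnerable(s *store, requester, other string, between func()) ([]string, error) {
	s.mu.Lock()
	ok := s.active[requester] // time of check
	s.mu.Unlock()
	if !ok {
		return nil, errForbidden
	}
	if between != nil {
		between()
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	return commonTeamsLocked(s, requester, other), nil // time of use: the check is stale
}

// commonTeamsFixed evaluates the check and the read in one critical section
// (in a real server: one transaction, or one query whose WHERE clause carries
// the active-user condition). A racing deactivation can only land before or
// after that section, never between check and use.
func commonTeamsFixed(s *store, requester, other string, racing func()) ([]string, error) {
	if racing != nil {
		racing() // the competing request wins the race
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if !s.active[requester] {
		return nil, errForbidden
	}
	return commonTeamsLocked(s, requester, other), nil
}

func main() {
	s := newStore()
	names, err := commonTeamsVulnerable(s, "alice", "bob", func() { s.deactivate("alice") })
	fmt.Println("vulnerable:", names, err) // [Core] <nil>: team name leaked after deactivation

	s = newStore()
	names, err = commonTeamsFixed(s, "alice", "bob", func() { s.deactivate("alice") })
	fmt.Println("fixed:", names, err) // [] forbidden: ...
}
```

The fix is not "check again just before the read" (that only narrows the window); it is making the read itself carry the condition, so that at the moment data is produced the authorization state it depends on cannot have changed.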
EUVD-2014-3566
Malware in sbrugna...
CVE-2024-34699
GZ::CTF is a capture the flag platform. Prior to 0.20.1, an unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1...
CVE-2024-34699
GZ::CTF (prior to v0.20.1) is vulnerable to cross-site scripting by unprivileged users who craft malicious team names; fixed in v0.20.1. The CVE-2024-34699 entry shows CVSS 3.1 base score 6.5 (Medium) with Adjacent access, no privileges, user interaction none, and high availability impact. Remedi...
CVE-2024-34699 GZ::CTF allows an unprivileged user to perform XSS attacks by constructing malicious team names.
GZ::CTF is a capture the flag platform. Prior to 0.20.1, an unprivileged user can perform cross-site scripting attacks on other users by constructing malicious team names. This problem has been fixed in v0.20.1...
PT-2024-26116 · Gz::Ctf · Gz::Ctf
Name of the Vulnerable Software and Affected Versions: GZ::CTF versions prior to 0.20.1 Description: The issue allows an unprivileged user to perform cross-site scripting attacks on other users by constructing malicious team names. Recommendations: For versions prior to 0.20.1, update to version...
CVE-2022-25203
Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission...
PT-2022-17142 · Jenkins · Jenkins Team Views Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Views Plugin version 0.9.0 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because team names are not properly escaped, allowing attackers with Overall/Read permission to...
Friday Squid Blogging: Introducing the Seattle Kraken
The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names like the Utah Jazz or the Minnesota Wild, mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories ...
CVE-2014-3592
OpenShift Origin: Improperly validated team names could allow stored XSS attacks...
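The GZ::CTF, Jenkins Team Views Plugin and OpenShift Origin entries above share one root cause: a user-chosen team name is stored and later written into HTML without escaping. The Go program below is an added example, not code from any of those projects: it renders a team list by string concatenation (the vulnerable shape), then with `html/template`, which escapes each value for the context it lands in, and adds a write-time name policy as defence in depth. The sample team names, the template and the allowed-character rule are constructed for the example and are not any project's actual policy.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"regexp"
	"unicode/utf8"
)

// Constructed sample: team names as a user might submit them. The second and
// third are the stored-XSS payload shapes the advisories above describe
// (element injection and attribute breakout).
var sampleTeamNames = []string{
	"Blue Team",
	`<script>alert(document.cookie)</script>`,
	`" onmouseover="alert(1)`,
}

// renderTeamListVulnerable builds HTML by string concatenation, so whatever
// was stored as the team name is emitted as markup.
func renderTeamListVulnerable(names []string) string {
	var b bytes.Buffer
	b.WriteString("<ul>")
	for _, n := range names {
		fmt.Fprintf(&b, `<li class="team" data-team="%s">%s</li>`, n, n)
	}
	b.WriteString("</ul>")
	return b.String()
}

// teamListTmpl is parsed once; html/template escapes each {{.}} according to
// the context it sits in (quoted attribute value vs. element body).
var teamListTmpl = template.Must(template.New("teams").Parse(
	`<ul>{{range .}}<li class="team" data-team="{{.}}">{{.}}</li>{{end}}</ul>`))

// renderTeamListSafe is the output-encoding fix: the browser receives the
// name as text, never as markup, regardless of what was stored.
func renderTeamListSafe(names []string) (string, error) {
	var b bytes.Buffer
	if err := teamListTmpl.Execute(&b, names); err != nil {
		return "", err
	}
	return b.String(), nil
}

// teamNameRe is an assumed input policy for this example, not any project's
// rule: letters, digits, spaces and a few separators.
var teamNameRe = regexp.MustCompile(`^[\p{L}\p{N} ._-]+$`)

// validateTeamName is defence in depth at write time. It narrows what can be
// stored, but it does not replace output encoding: a later template that
// forgets to escape is still exposed to every character the policy admits.
func validateTeamName(name string) error {
	if n := utf8.RuneCountInString(name); n == 0 || n > 64 {
		return errors.New("team name must be 1 to 64 characters")
	}
	if !teamNameRe.MatchString(name) {
		return errors.New("team name contains disallowed characters")
	}
	return nil
}

func main() {
	fmt.Println("vulnerable:", renderTeamListVulnerable(sampleTeamNames))
	safe, err := renderTeamListSafe(sampleTeamNames)
	fmt.Println("safe:", safe, err)
	for _, n := range sampleTeamNames {
		fmt.Printf("validate %q: %v\n", n, validateTeamName(n))
	}
}
```

In the vulnerable output the third sample closes the `data-team` attribute and adds its own event handler; in the safe output the same name appears as `&#34; onmouseover=&#34;alert(1)` inside the attribute and `<script>` becomes `&lt;script&gt;` in the body. Escaping at the rendering site is the fix the advisories point to; the name policy only limits blast radius if a template is missed.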