3 matches found
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
Mattermost Server 10.5.x <= 10.5.12 / 10.11.x <= 10.11.4 / 10.12.x <= 10.12.1 / 11.0.x <= 11.0.3 Improper Authentication (MMSA-2025-00547)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00547 advisory. - Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID...
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
Mattermost versions 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12, 11.0.x = 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of...