6 matches found
Authentication Bypass
Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
SUSE CVE-2025-30179
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
Missing Authentication for Critical Function
Overview: github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search,...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation: Upgrade...
grafana: IDOR vulnerability can lead to information disclosure
An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...
Grafana Teams API IDOR
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...