4 matches found
GO-2026-4749 Mattermost fails to validate team-specific upload_file permissions in github.com/mattermost/mattermost-server
Mattermost fails to validate team-specific uploadfile permissions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...
Mattermost fails to validate team-specific upload_file permissions
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...
CVE-2026-4265 Guest user can upload files without permission across teams
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...
CVE-2026-4265 Guest user can upload files without permission across teams
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...