Lucene search

22 matches found

NVD
added 2026/06/24 9:16 p.m., 7 views

CVE-2026-52815

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route...

CVSS 6.9, EPSS 0.01553
Exploits: 0, References: 1
Veracode
added 2026/04/22 8:43 a.m., 10 views

Improper Access Control

Mattermost is vulnerable to improper access control. The vulnerability is due to insufficient sanitization and access restrictions on team email addresses, which allows an authenticated user to exploit the GET /api/v4/channels/channelid/commonteams endpoint to view sensitive team email informatio...

CVSS 4.3, AI score 7.2, EPSS 0.00187
Exploits: 0, References: 6, Affected Software: 2
Tenable Nessus
added 2026/02/18 12:00 a.m., 3 views

Mattermost Server 10.11.x <= 10.11.9 / 11.0.x <= 11.2.x Improper Access Control (MMSA-2025-00549)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00549 advisory. - Mattermost versions 10.11.x <= 10.11.9 and 11.0.x <= 11.2.x fail to properly enforce access control checks in the common teams API. This allows the API to...

CVSS 3.1, AI score 5.9, EPSS 0.00199
Exploits: 0, References: 2
Snyk
added 2026/02/13 12:31 p.m., 1 view

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via a race condition in the /commonteams API endpoint. An attacker can gain unauthorized access to team names by exploiting the timing of channel membership validation during data retrieva...

CVSS 3.1, AI score 5.6, EPSS 0.00199
Exploits: 0, References: 2
Github Security Blog
added 2026/02/13 12:31 p.m., 6 views

Mattermost doesn't properly validate channel membership at the time of data retrieval

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

CVSS 3.1, AI score 5.5, EPSS 0.00199
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/02/13 11:16 a.m., 8 views

CVE-2026-20796

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

CVSS 3.1, EPSS 0.00199
Exploits: 0, References: 1
Vulnrichment
added 2026/02/13 10:30 a.m., 4 views

CVE-2026-20796 Time-of-check time-of-use vulnerability in common teams API

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval, which allows a deactivated user to learn team names they should not have access to via a race condition in the /commonteams API endpoint. Mattermost Advisory ID: MMSA-2025-00549...

CVSS 3.1, AI score 5.5, EPSS 0.00199
Exploits: 0, References: 1
CVE
added 2026/02/13 10:30 a.m., 11 views

CVE-2026-20796

Mattermost CVE-2026-20796 affects version 10.11.x up to 10.11.9, due to improper validation of channel membership at data retrieval. A race condition in the /common_teams API endpoint can allow a deactivated user to learn team names they should not access. Root cause: insufficient validation duri...

CVSS 3.1, AI score 5.5, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/02/13 12:00 a.m., 7 views

PT-2026-7984

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.0 through 10.11.9. Description: Mattermost versions 10.11.0 through 10.11.9 do not properly validate channel membership when retrieving data, potentially allowing a deactivated user to learn team names they should not...

CVSS 9.9, AI score 5.5, EPSS 0.27661
Exploits: 45, References: 119
SUSE CVE
added 2026/01/06 12:28 a.m., 3 views

SUSE CVE-2025-12559

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.8, EPSS 0.00187
Exploits: 0, References: 2
RedhatCVE
added 2025/11/28 8:08 p.m., 8 views

CVE-2025-12559

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.7, EPSS 0.00187
Exploits: 0, References: 1
EUVD
added 2025/11/27 6:30 p.m., 5 views

EUVD-2025-199831

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.2, EPSS 0.00187
Exploits: 0, References: 2
OSV
added 2025/11/27 6:30 p.m., 5 views

GHSA-4G87-9X45-CX2H Mattermost fails to sanitize team email addresses

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.6, EPSS 0.00187
Exploits: 0, References: 9
Snyk
added 2025/11/27 5:40 p.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the GET /api/v4/channels/channelid/commonteams endpoint. An attacker can access team email addresses intended to be visible only to Team Admins by making authenticated requests to this endpoint. Remediation...

CVSS 5.3, AI score 6.7, EPSS 0.00187
Exploits: 0, References: 2
NVD
added 2025/11/27 5:15 p.m., 5 views

CVE-2025-12559

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, EPSS 0.00187
Exploits: 0, References: 1
OSV
added 2025/11/27 5:15 p.m., 5 views

CVE-2025-12559

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.6
Exploits: 0, References: 1
Cvelist
added 2025/11/27 4:36 p.m., 10 views

CVE-2025-12559 Information Disclosure in Common Teams API

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, EPSS 0.00187
Exploits: 0, References: 1
Vulnrichment
added 2025/11/27 4:36 p.m., 5 views

CVE-2025-12559 Information Disclosure in Common Teams API

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.3, EPSS 0.00187
Exploits: 0, References: 1
Positive Technologies
added 2025/11/27 12:00 a.m., 8 views

PT-2025-48275

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3, AI score 6.7, EPSS 0.00187
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/04 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle use...

CVSS 4.3, AI score 6.8, EPSS 0.01185
Exploits: 0, References: 2