2 matches found
SUSE CVE-2025-6227
Mattermost versions 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API...
Insufficiently Protected Credentials
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the invite mechanism for remote clusters. An attacker can send unauthorized synchronization payloads by...