4 matches found
CVE-2026-9708 Incoming webhook user attribution via unvalidated webhook owner
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...
CVE-2026-9708
Mattermost vulnerable versions (11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x
EUVD-2019-14210
Malware in sbrugna...
Race condition
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user...