
6 matches found

Cvelist
added 2026/06/22 1:37 p.m., 35 views

CVE-2026-8074 Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

3.8 CVSS, 0.00192 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2026/04/29 9:44 p.m., 37 views

Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary: The contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only roledituser=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator (requiring roladministrator=true) and the contactsshowall system setting. A user manager...

4.9 CVSS, 5.7 AI score, 0.00322 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2588

Malicious code in bioql PyPI...

3.8 CVSS, 4.3 AI score, 0.00366 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 5:7 a.m., 9 views

CVE-2023-5159

Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots...

3.8 CVSS, 6.7 AI score, 0.00366 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/09/29 9:21 a.m., 24 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots...

3.8 CVSS, 4.5 AI score, 0.00366 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/09/29 9:21 a.m., 12 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots...

3.8 CVSS, 6.7 AI score, 0.00366 EPSS
Exploits: 0, References: 1