4 matches found
CVE-2025-58073
Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...
Mattermost Server 10.10.x < 10.10.2 / 10.11.0 Missing Authorization (MMSA-2025-00513)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00513 advisory. - Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or...
Mattermost Missing Authorization vulnerability
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...