Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/10/17 9:42 a.m.14 views

CVE-2025-58073

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.8AI score0.00379EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.3 views

Mattermost Server 10.10.x < 10.10.2 / 10.11.0 Missing Authorization (MMSA-2025-00513)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00513 advisory. - Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.8 views

Mattermost Missing Authorization vulnerability

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2025/09/15 10:6 a.m.36 views

CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...

6.5CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder