Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.6 views

PT-2024-39459 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8 Mattermost versions 9.9.x through 9.9.2 Mattermost versions 9.10.x through 9.10.1 Description: The issue allows an attacker to view unlinked channel files in channels they are a member of, due to a...

4.3CVSS7.1AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2024/08/22 3:17 p.m.44 views

CVE-2024-40884

Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...

2.7CVSS6.8AI score0.0039EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/08/22 6:30 a.m.58 views

CVE-2024-43813

CVE-2024-43813 affects Mattermost Server: versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0 do not enforce proper access controls, allowing any authenticated user (including guests) to mark any channel inside any team as read for any user. Root cause: improper access control in read-marking func...

4.3CVSS4.6AI score0.00244EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/03 9:15 a.m.28 views

CVE-2024-39807

Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

5.3CVSS0.00345EPSS
Exploits0References1
Rows per page
Query Builder