4 matches found
PT-2024-39459 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.8 Mattermost versions 9.9.x through 9.9.2 Mattermost versions 9.10.x through 9.10.1 Description: The issue allows an attacker to view unlinked channel files in channels they are a member of, due to a...
CVE-2024-40884
Mattermost Server 9.5.x (up to 9.5.7) and 9.10.x (up to 9.10.0) are affected by an improper access control issue that allows a team admin user without the Add Team Members permission to disable the invite URL. The issue is caused by insufficient enforcement of permissions (no explicit access cont...
CVE-2024-43813
CVE-2024-43813 affects Mattermost Server: versions 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0 do not enforce proper access controls, allowing any authenticated user (including guests) to mark any channel inside any team as read for any user. Root cause: improper access control in read-marking func...
CVE-2024-39807
Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...