Lucene search
K

4 matches found

OSV
OSV
added 2025/11/14 9:30 a.m.5 views

GHSA-X3HX-CH7P-8XGG Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1CVSS6.7AI score0.00164EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/14 8:0 a.m.1 views

CVE-2025-41436 Unauthorized access to archived channel content via threads interface

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1CVSS6.4AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 7:45 a.m.1 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS5.9AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.6 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to check whether the "Allow users to view archived channels" setting is enabled during permalink preview display, allowing...

4.3CVSS6.7AI score0.00506EPSS
Exploits0References1
Rows per page
Query Builder