Mattermost / Mattermost Server

7 matches found

added 2024/02/29 11:15 a.m. | 160 views

CVE-2024-1949

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

2.6 CVSS | 3.9 AI score | 0.00203 EPSS

added 2024/04/26 9:15 a.m. | 56 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.

2.7 CVSS | 6.5 AI score | 0.00139 EPSS

added 2024/04/26 9:15 a.m. | 46 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests.

2.7 CVSS | 3.7 AI score | 0.00133 EPSS

added 2023/02/27 3:15 p.m. | 45 views

CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

2.7 CVSS | 3.5 AI score | 0.00153 EPSS

added 2023/02/27 3:15 p.m. | 31 views

CVE-2023-27266

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

2.7 CVSS | 3.5 AI score | 0.00153 EPSS

added 2024/08/22 4:15 p.m. | 28 views

CVE-2024-40884

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to properly enforce permissions, which allows a team admin user without the "Add Team Members" permission to disable the invite URL.

2.7 CVSS | 6.8 AI score | 0.00171 EPSS

added 2023/07/17 4:15 p.m. | 20 views

CVE-2023-3587

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board's state so that any user with a valid sharing link can join the board with editor access, without the UI showing the updated permissions.

2.7 CVSS | 3.3 AI score | 0.0006 EPSS