Page 6 of 29 results (0.010 seconds)

CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •

CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels • https://mattermost.com/security-updates • CWE-284: Improper Access Control •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •

CVSS: 2.7EPSS: 0%CPEs: 2EXPL: 0

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts • https://mattermost.com/security-updates • CWE-284: Improper Access Control •