Page 7 of 37 results (0.006 seconds)

CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. • https://mattermost.com/security-updates • CWE-346: Origin Validation Error •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. • https://mattermost.com/security-updates • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •