GHSA-4276-cm8c-788h: Mattermost Fails to Properly Validate Team Role Modification

Mattermost versions 10.5.x <= 10.5.8 and 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications, which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint.

CVE ID: CVE-2025-53971

Severity: Low. GitHub Reviewed. Published Aug 21, 2025 to the GitHub Advisory Database; updated Aug 21, 2025.

Package: github.com/mattermost/mattermost-server (gomod, Go)
Affected versions: >= 10.5.0, <= 10.5.8; >= 9.11.0, <= 9.11.17
Patched versions: 10.5.9; 9.11.18

Package: github.com/mattermost/mattermost/server/v8 (gomod, Go)
Affected versions: < 8.0.0-20250721095846-c602a4a78e1f
Patched versions: 8.0.0-20250721095846-c602a4a78e1f

Published to the GitHub Advisory Database: Aug 21, 2025

Last updated: Aug 21, 2025
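
An added example, not part of the advisory or of Mattermost's code: a Go check that tests one go.mod requirement against the affected ranges listed above. The names `parse`, `less` and `Affected` and the sample requirement are assumptions, and prerelease ordering is simplified to what the pseudo-version in this advisory needs.

```go
package main

import (
	"fmt"
	"strings"
)

type ver struct {
	n   [3]int
	pre string // prerelease part; empty for a release
}

// parse accepts go.mod style versions such as "v10.5.8" or a pseudo-version.
func parse(s string) (v ver, err error) {
	s, _, _ = strings.Cut(strings.TrimPrefix(s, "v"), "+") // drop "+incompatible"
	s, v.pre, _ = strings.Cut(s, "-")
	_, err = fmt.Sscanf(s, "%d.%d.%d", &v.n[0], &v.n[1], &v.n[2])
	return v, err
}

// less reports a < b. A release sorts above a prerelease of the same core;
// prereleases compare as strings (simplified: exact for vX.0.0-timestamp-hash).
func less(a, b ver) bool {
	for i := range a.n {
		if a.n[i] != b.n[i] {
			return a.n[i] < b.n[i]
		}
	}
	return a.pre != "" && (b.pre == "" || a.pre < b.pre)
}

// Affected applies the advisory's version ranges to one go.mod requirement.
func Affected(module, version string) (bool, error) {
	v, err := parse(version)
	if err != nil {
		return false, err
	}
	in := func(lo, hi [3]int) bool { return !less(v, ver{n: lo}) && !less(ver{n: hi}, v) }
	switch module {
	case "github.com/mattermost/mattermost-server":
		return in([3]int{10, 5, 0}, [3]int{10, 5, 8}) || in([3]int{9, 11, 0}, [3]int{9, 11, 17}), nil
	case "github.com/mattermost/mattermost/server/v8":
		return less(v, ver{[3]int{8, 0, 0}, "20250721095846-c602a4a78e1f"}), nil
	}
	return false, nil
}

func main() { // constructed sample requirement, not from a real go.mod
	fmt.Println(Affected("github.com/mattermost/mattermost-server", "v10.5.8+incompatible"))
}
```

Modules other than the two named in the advisory return false, and a version string that does not parse returns an error rather than a verdict.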
