Security
Headlines

Headlines Latest CVEs

Headline

GHSA-58w6-w55x-6wq8: Mattermost fails to validate user permissions in Boards

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to

2 days ago

GitHub Advisory Database
GitHub Reviewed
CVE-2025-13870

Mattermost fails to validate user permissions in Boards

Low severity GitHub Reviewed Published Dec 2, 2025 to the GitHub Advisory Database • Updated Dec 3, 2025

Package

gomod github.com/mattermost/mattermost (Go)

Affected versions

>= 10.11.0, < 10.11.5

>= 10.5.0, < 10.5.13

Patched versions

10.11.5

10.5.13

gomod github.com/mattermost/mattermost/server/v8 (Go)

< 8.0.0-20250905150616-ba86dfc5876b

8.0.0-20250905150616-ba86dfc5876b

Published to the GitHub Advisory Database

Dec 2, 2025

ghsa: Latest News

GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64

6 hours ago

GHSA-4hr2-xf7w-jf76: Central Dogma's Login Function Has an Open Redirect Vulnerability

6 hours ago

GHSA-9gqj-5w7c-vx47: Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

7 hours ago

GHSA-869p-cjfg-cm3x: auth0/node-jws Improperly Verifies HMAC Signature

7 hours ago

GHSA-wvxp-jp4w-w8wg: mcp-server-kubernetes has potential security issue in exec_in_pod tool

1 day ago