Security
Headlines

Headlines Latest CVEs

Headline

GHSA-j5jw-m2ph-3jjf: Mattermost Missing Authentication for Critical Function

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA.

1 month ago

GitHub Advisory Database
GitHub Reviewed
CVE-2025-27538

Mattermost Missing Authentication for Critical Function

Low severity GitHub Reviewed Published Apr 16, 2025 to the GitHub Advisory Database • Updated Apr 16, 2025

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

>= 10.5.0, < 10.5.2

>= 9.11.0, < 9.11.10

< 8.0.0-20250314142426-c049748b8863

Patched versions

10.5.2

9.11.10

8.0.0-20250314142426-c049748b8863

Published to the GitHub Advisory Database

Apr 16, 2025

Last updated

Apr 16, 2025

ghsa: Latest News

GHSA-qfm8-78qf-p75j: The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution

13 hours ago

GHSA-hq4f-5qjv-fwrg: The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location

13 hours ago

GHSA-pqqp-7cp8-vxvf: Ackites KillWxapkg Zip Bomb Resource Exhaustion

14 hours ago

GHSA-463c-jhp2-4mm7: The Backup Plus extension for TYPO3 (ns_backup) allows command injections

14 hours ago

GHSA-xg53-mhh9-3cq7: The Backup Plus extension for TYPO3 (ns_backup) allows XSS

14 hours ago