Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mqcj-8c2g-h97q: Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API, which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint.

1 day ago

#vulnerability #git #perl #auth

Package

gomod github.com/mattermost/mattermost (Go)

Affected versions

< 5.3.2-0.20250905150616-ba86dfc5876b

Patched versions

5.3.2-0.20250905150616-ba86dfc5876b

gomod github.com/mattermost/mattermost-server (Go)

>= 10.11.0, < 10.11.4

>= 10.5.0, < 10.5.12

< 5.3.2-0.20250905150616-ba86dfc5876b

10.11.4

10.5.12

5.3.2-0.20250905150616-ba86dfc5876b

gomod github.com/mattermost/mattermost-server/v5 (Go)

< 5.3.2-0.20250905150616-ba86dfc5876b

5.3.2-0.20250905150616-ba86dfc5876b

gomod github.com/mattermost/mattermost-server/v6 (Go)

< 5.3.2-0.20250905150616-ba86dfc5876b

5.3.2-0.20250905150616-ba86dfc5876b

gomod github.com/mattermost/mattermost/server/v8 (Go)

< 8.0.0-20250905150616-ba86dfc5876b

8.0.0-20250905150616-ba86dfc5876b

ghsa: Latest News

GHSA-r9x7-7ggj-fx9f: PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

28 minutes ago

GHSA-g2j9-g8r5-rg82: PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal

28 minutes ago

GHSA-mx7m-j9xf-62hw: @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

3 hours ago

GHSA-mh29-5h37-fv8m: js-yaml has prototype pollution in merge (<<)

6 hours ago

GHSA-cph6-524f-3hgr: Directus Vulnerable to Information Leakage in Existing Collections

21 hours ago