GHSA-hc6v-386m-93pq: Mattermost fails to properly enforce access controls for guest users

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.

CVE-2025-1792

Low severity • GitHub Reviewed • Published May 30, 2025 to the GitHub Advisory Database • Updated May 30, 2025

Package: gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions and the corresponding patched versions:

Affected: >= 10.6.0-rc1, < 10.7.1
Patched: 10.7.1

Affected: >= 10.0.0-rc1, < 10.5.4
Patched: 10.5.4

Affected: >= 9.0.0-rc1, < 9.11.13
Patched: 9.11.13

Affected: < 8.0.0-20250414110750-c23f44fe8ed0
Patched: 8.0.0-20250414110750-c23f44fe8ed0

Published to the GitHub Advisory Database: May 30, 2025

Last updated: May 30, 2025
