Security
Headlines

Headlines Latest CVEs

Headline

GHSA-p6gj-jc38-x2m7: Mattermost fails to validate user permissions when deleting comments in Boards

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.

1 day ago

GitHub Advisory Database
GitHub Reviewed
CVE-2025-12756

Mattermost fails to validate user permissions when deleting comments in Boards

Moderate severity GitHub Reviewed Published Dec 1, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

Package

gomod github.com/mattermost/mattermost (Go)

Affected versions

>= 10.11.0, <= 10.11.4

>= 10.12.0, <= 10.12.1

>= 10.5.0, <= 10.5.12

>= 11.0.0, <= 11.0.2

gomod github.com/mattermost/mattermost/server/v8 (Go)

<= 8.0.0-20251013062617-7977e7e6dae3

Published to the GitHub Advisory Database

Dec 1, 2025

ghsa: Latest News

GHSA-424m-fj2q-g7vg: Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

5 hours ago

GHSA-5xw2-57jx-pgjp: GrapesJsBuilder File Upload allows all file uploads

22 hours ago

GHSA-3fq7-c5m8-g86x: Mautic user without privileged access to the Marketplace can install and uninstall composer packages

22 hours ago

GHSA-j3rw-fx6g-q46j: Apptainer ineffectively applies selinux and apparmor --security options

22 hours ago

GHSA-wwrx-w7c9-rf87: Singluarity ineffectively applies selinux / apparmor LSM process labels

22 hours ago