Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-h356-3mfw-x368: Mattermost Fails to Verify User's Permissions When Accessing Groups

Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user’s permissions when accessing groups, which allows an attacker to view group information via an API request.

ghsa
Open in Source
#git#perl
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-2527

Mattermost Fails to Verify User’s Permissions When Accessing Groups

Moderate severity GitHub Reviewed Published May 15, 2025 to the GitHub Advisory Database • Updated May 17, 2025

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

>= 10.5.0, <= 10.5.2

>= 9.11.0, <= 9.11.11

< 8.0.0-20250411064244-844447fbd57c

Patched versions

10.5.3

9.11.12

8.0.0-20250411064244-844447fbd57c

Description

Published to the GitHub Advisory Database

May 15, 2025

Last updated

May 17, 2025

ghsa: Latest News

GHSA-9fwj-9mjf-rhj3: laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
ghsa