Security
Headlines

Headlines Latest CVEs

Headline

GHSA-8cgx-9ccj-3gwr: Mattermost fails to clear Google OAuth credentials

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

1 day ago

#google #git #oauth #auth

GitHub Advisory Database
GitHub Reviewed
CVE-2025-2571

Mattermost fails to clear Google OAuth credentials

Moderate severity GitHub Reviewed Published May 30, 2025 to the GitHub Advisory Database • Updated May 30, 2025

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

>= 10.7.0-rc1, < 10.7.1

>= 10.0.0-rc1, < 10.5.4

>= 9.0.0-rc1, < 9.11.13

< 8.0.0-20250414095146-04676582cdd2

>= 10.6.0-rc1, < 10.6.3

Patched versions

10.7.1

10.5.4

9.11.13

8.0.0-20250414095146-04676582cdd2

10.6.3

Published to the GitHub Advisory Database

May 30, 2025

Last updated

May 30, 2025

ghsa: Latest News

GHSA-wv8j-m3hx-924j: Arrow2 allows out of bounds access in public safe API

1 day ago

GHSA-v75g-77vf-6jjq: Para Server Logs Sensitive Information

1 day ago

GHSA-g9f5-x53j-h563: Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

1 day ago

GHSA-8cgx-9ccj-3gwr: Mattermost fails to clear Google OAuth credentials

1 day ago

GHSA-86jg-35xj-3vv5: Mattermost fails to properly enforce access control restrictions for System Manager roles

1 day ago