PT-2026-25813 · Mattermost · Mattermost
Hackit_Bharat · Published 2026-02-13 · Updated 2026-03-17 · CVE-2026-26230
CVSS v2.0: 5.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.0 through 10.11.10
Description
Mattermost versions 10.11.x up to and including 10.11.10 do not correctly validate permission requirements in the team member roles API endpoint. This allows team administrators to demote members to a guest role. The affected API endpoint is '/api/v1/teams/{team id}/members/{user id}/roles', where team id and user id are vulnerable parameters.
Recommendations
Update Mattermost to a version later than 10.11.10.
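The class of bug described above is an authorization check that confirms the caller manages the team but never asks whether the specific role being written (here, the guest role) is one a team-scoped administrator is allowed to grant. The following is an added illustration, not Mattermost's code: a hypothetical in-memory model of a "set team member roles" handler with the weak check beside a hardened one. All role names, the `User`/`Team` types and the function names are assumptions made for the example.

```python
"""Hypothetical model of server-side authorization for a "set team member
roles" endpoint. Constructed for illustration only: it is not Mattermost's
code, and every role name and type below is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set

ROLE_SYSTEM_ADMIN = "system_admin"
ROLE_TEAM_ADMIN = "team_admin"
ROLE_TEAM_USER = "team_user"
ROLE_TEAM_GUEST = "team_guest"

# Roles a team-scoped administrator is permitted to add or remove.
# Guest status is deliberately absent: changing it is a system-level decision.
TEAM_MANAGEABLE_ROLES = frozenset({ROLE_TEAM_USER, ROLE_TEAM_ADMIN})


@dataclass(frozen=True)
class User:
    user_id: str
    system_roles: FrozenSet[str] = frozenset()


@dataclass
class Team:
    team_id: str
    members: Dict[str, Set[str]] = field(default_factory=dict)  # user_id -> team roles


class Forbidden(Exception):
    """Raised when the caller lacks permission for the requested change."""


def _is_system_admin(user: User) -> bool:
    return ROLE_SYSTEM_ADMIN in user.system_roles


def _is_team_admin(team: Team, user: User) -> bool:
    return ROLE_TEAM_ADMIN in team.members.get(user.user_id, set())


def set_member_roles_vulnerable(actor: User, team: Team, target_id: str, new_roles) -> Set[str]:
    """Weak check: verifies only that the caller manages the team, then writes
    whatever role set was supplied, guest role included."""
    if not (_is_system_admin(actor) or _is_team_admin(team, actor)):
        raise Forbidden("caller may not manage this team")
    if target_id not in team.members:
        raise KeyError("target is not a member of this team")
    team.members[target_id] = set(new_roles)
    return team.members[target_id]


def set_member_roles_hardened(actor: User, team: Team, target_id: str, new_roles) -> Set[str]:
    """Hardened check: the permission decision is made on the *delta* of roles,
    not just on the caller's relationship to the team. A team admin may only
    add or remove roles in TEAM_MANAGEABLE_ROLES; anything else (such as
    introducing the guest role) requires a system administrator."""
    if target_id not in team.members:
        raise KeyError("target is not a member of this team")
    requested = set(new_roles)
    current = team.members[target_id]
    if _is_system_admin(actor):
        team.members[target_id] = requested
        return requested
    if not _is_team_admin(team, actor):
        raise Forbidden("caller may not manage this team")
    changed = current ^ requested  # roles being added or removed
    if not changed <= TEAM_MANAGEABLE_ROLES:
        raise Forbidden("role change requires system admin: %s"
                        % sorted(changed - TEAM_MANAGEABLE_ROLES))
    team.members[target_id] = requested
    return requested


def sample_team() -> Team:
    """Constructed fixture: one team admin and one ordinary member."""
    return Team("t1", {"adm": {ROLE_TEAM_ADMIN, ROLE_TEAM_USER},
                       "alice": {ROLE_TEAM_USER}})


def attempt(handler, actor: User, team: Team, target_id: str, new_roles):
    """Run a handler and report ('allowed', roles) or ('forbidden', reason)."""
    try:
        return "allowed", handler(actor, team, target_id, new_roles)
    except Forbidden as exc:
        return "forbidden", str(exc)


if __name__ == "__main__":
    team_admin = User("adm")
    print(attempt(set_member_roles_vulnerable, team_admin, sample_team(), "alice", {ROLE_TEAM_GUEST}))
    print(attempt(set_member_roles_hardened, team_admin, sample_team(), "alice", {ROLE_TEAM_GUEST}))
```

The hardened variant decides on the symmetric difference between the stored and requested role sets, so a team admin can still promote a member to team admin or revoke that promotion, while any request that touches the guest role is rejected unless the caller is a system administrator. In a real service the same allow-list would sit on the role *values* the endpoint accepts, in addition to the existing check on who may call it.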
Fix
LPE
Improper Access Control
Incorrect Authorization
Related identifiers
Affected products
Mattermost