Количество 3
Количество 3
CVE-2025-27538
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA.
CVE-2025-27538
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce ...
GHSA-j5jw-m2ph-3jjf
Mattermost Missing Authentication for Critical Function
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-27538 Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA. | CVSS3: 2.2 | 0% Низкий | 10 месяцев назад |
| CVE-2025-27538 Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce ... | CVSS3: 2.2 | 0% Низкий | 10 месяцев назад |
| GHSA-j5jw-m2ph-3jjf Mattermost Missing Authentication for Critical Function | CVSS3: 2.2 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу