5.4
CVE-2026-28735
- EPSS 0.14%
- Veröffentlicht 22.05.2026 16:26:04
- Zuletzt bearbeitet 22.05.2026 16:26:04
- Quelle 9302f53e-dde5-4bf3-b2f2-a83f91
- CVE-Watchlists
- Unerledigt
GitHub OAuth Scope Validation
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL.. Mattermost Advisory ID: MMSA-2026-00628
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMattermost
≫
Produkt
Mattermost
Default Statusunaffected
Version <=
11.6.0
Version
11.6.0
Status
affected
Version <=
11.5.3
Version
11.5.0
Status
affected
Version <=
11.4.4
Version
11.4.0
Status
affected
Version <=
10.11.14
Version
10.11.0
Status
affected
Version
11.7.0
Status
unaffected
Version
11.6.1
Status
unaffected
Version
11.5.4
Status
unaffected
Version
11.4.5
Status
unaffected
Version
10.11.15
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.035 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 9302f53e-dde5-4bf3-b2f2-a83f91ac0eee | 5.4 | 0 | 0 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
https://mattermost.com/security-updates