Untriaged
Permalink
CVE-2026-22545
3.1 LOW
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
Password Change Bypass via Auth Switch Endpoint
Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583
References
- MMSA-2026-00583 vendor-advisory
Affected products
Mattermost
- =<10.11.10
- ==10.11.11
- ==11.4.0
Matching in nixpkgs
pkgs.mattermost
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermostLatest
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermost-desktop
Mattermost Desktop client
pkgs.python312Packages.mattermostdriver
Python Mattermost Driver
pkgs.python313Packages.mattermostdriver
Python Mattermost Driver
pkgs.python314Packages.mattermostdriver
Python Mattermost Driver
Package maintainers
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
-
@ryantm Ryan Mulligan <ryan@ryantm.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@liff Olli Helenius <liff@iki.fi>
-
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
-
@globin Robin Gloster <mail@glob.in>