Proactive Insights and Support For Open-Source Applications
Communication and Collaboration

    30 May 2025 Communication and Collaboration
    Mattermost: Improper Permission Validation in Team Privacy Settings

    In Mattermost versions 10.7.0 and earlier, 10.6.2 and earlier, 10.5.3 and earlier, and 9.11.12 and earlier a medium severity vulnerability CVE-2025-3913 was detected. This vulnerability allows team administrators without the ‘invite user’ permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint due to improper permission validation when changing team privacy settings. To address this issue, users should upgrade Mattermost to versions 10.7.1, 10.6.3, 10.5.4, 9.11.13 or 8.0.0-20250412152950-02c76784380a. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3913.

    21 May 2025 Communication and Collaboration
    Mattermost: Unauthorized Access via Improper Restriction in ExperimentalSettings

    In Mattermost versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11 a low severity vulnerability CVE-2025-2570 was detected. This vulnerability allows a System Manager to access `ExperimentalSettings` via the System Console even when the `RestrictSystemAdmin` setting is true, due to improper access control. To address this issue, users should upgrade Mattermost to versions above 10.5.3 or 9.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2570.

    19 May 2025 Communication and Collaboration
    Zulip: Channel Creation Access Control Bypass via Privacy Setting Manipulation

    In Zulip versions 10.0 to before 10.3 a medium severity vulnerability CVE-2025-47930 was detected. This vulnerability allows attackers to bypass the “Who can create public channels” access control by creating a private or web-public channel and then changing its privacy setting to public. Similarly, private channels can be created without proper permissions using the API or by altering HTML. To address this issue, users should upgrade Zulip to version 10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47930.

    16 May 2025 Communication and Collaboration
    Mattermost: LDAP Account Lockout Bypass via Repeated Login Failures

    In Mattermost versions 10.6.x ≤ 10.6.1, 10.5.x ≤ 10.5.2, 10.4.x ≤ 10.4.4 and 9.11.x ≤ 9.11.11 a medium severity vulnerability CVE-2025-31947 was detected. Because LDAP users are not locked out properly after repeated login failures, this vulnerability allows attackers to cause external LDAP accounts to be locked out by triggering repeated login failures through Mattermost. To address this issue, users should upgrade Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31947.

    16 May 2025 Communication and Collaboration
    Mattermost: Authenticated Users Can Add Guests to Teams via API Without Proper Permissions

    In Mattermost versions 10.6.x ≤ 10.6.1, 10.5.x ≤ 10.5.2, 10.4.x ≤ 10.4.4 and 9.11.x ≤ 9.11.11 a medium severity vulnerability CVE-2025-3446 was detected. This vulnerability allows authenticated users who have permission to invite only non-guest users to add guest users to teams via the API. To address this issue, users should upgrade Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3446.

    6 May 2025 Communication and Collaboration
    Discourse: Unauthorized Homepage Content Exposure on Login-Required Sites

    In Discourse versions between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b on the 3.5.0.beta4 branch a medium severity vulnerability CVE-2025-46813 was detected. This vulnerability allows unauthenticated users to view private homepage content on login-required sites deployed during the affected window. To address this issue, users should upgrade Discourse to versions above commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46813.

    2 May 2025 Communication and Collaboration
    Discourse: DM User Limit Bypass Vulnerability

    In Discourse versions prior to 3.4.3 (stable) and 3.5.0.beta3 (beta) a medium severity vulnerability CVE-2025-32376 was detected. This vulnerability allows attackers to bypass the user limit for direct messages (DMs), potentially enabling the creation of a DM including every user on a site. To address this issue, users should upgrade Discourse to versions 3.4.3 (stable) or later, 3.5.0.beta3 (beta) or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32376.

    25 Apr 2025 Communication and Collaboration
    Mattermost: Denial of Service via Malicious RetrospectivePost Props in Playbooks

    In Mattermost versions 10.4.x ≤ 10.4.2, 10.5.x ≤ 10.5.0 and 9.11.x ≤ 9.11.10 a medium severity vulnerability CVE-2025-41395 was detected. This issue arises from improper validation of `props` in the `RetrospectivePost` custom post type in the Playbooks plugin, allowing attackers to craft posts that can trigger a denial of service (DoS) across the web app for all users. To address this issue, users should upgrade Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41395.

    25 Apr 2025 Communication and Collaboration
    Mattermost: DoS via Excessive Task Actions in GraphQL UpdateRunTaskActions Operation

    In Mattermost versions 10.4.x ≤ 10.4.2, 10.5.x ≤ 10.5.0 and 9.11.x ≤ 9.11.10 a medium severity vulnerability CVE-2025-35965 was identified. The issue lies in the failure to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, allowing attackers to create tasks with excessive triggered actions that can overwhelm the server and cause a denial-of-service (DoS) condition. To resolve this issue, users should upgrade Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-35965.
