CNNVD-202506-2650 Information

CNNVD ID

CNNVD-202506-2650

CVE-2025-4981

  • CNNVD Published: 2025-06-20

Description

Mattermost is an open-source collaboration platform from Mattermost, a company based in the United States. Mattermost versions 10.5.x up to and including 10.5.5, 9.11.x up to and including 9.11.15, 10.8.x up to and including 10.8.0, 10.7.x up to and including 10.7.2, and 10.6.x up to and including 10.6.5 contain a security vulnerability. The vulnerability stems from the archive extractor not sanitizing filenames, which may allow an authenticated user to write to arbitrary locations by uploading filenames that contain path traversal sequences.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Mattermost

Published

2025-06-20

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/download/
