CNNVD-202507-2422 Information
CNNVD ID
CNNVD-202507-2422
Related CVE
- CNNVD Published: 2025-07-18
Description (Chinese)
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.6及之前的10.5.x版本、10.8.1及之前的10.8.x版本、10.7.3及之前的10.7.x版本、9.11.16及之前的9.11.x版本存在安全漏洞,该漏洞源于检索PendingPostID缓存帖子时未验证授权,可能导致认证用户读取无权访问的私人频道帖子。
Description (English)
Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mattermust 10.5.6 and earlier versions 10.5.x, 10.8.x and earlier versions 10.8.1 and 10.8.x, 10.7.3 and earlier versions 10.7.x, 9.11.16 and earlier versions 9.11.x, which stems from the lack of authorization to search PendingPostID caches, which may lead to the authentication of users to read private channel posts that are not accessible.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Mattermost
Published
2025-07-18
Last Modified
2026-02-24
References
https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-6226
Share on: