CNNVD-202507-2434 Information

CNNVD ID

CNNVD-202507-2434

Related CVE

CVE-2025-6227

• CNNVD Published: 2025-07-18

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.7及之前的10.5.x版本、9.11.16及之前的9.11.x版本存在安全漏洞，该漏洞源于接受邀请时未协商新令牌，可能导致拦截邀请和密码的用户通过REST API发送同步负载。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.5.7 and earlier versions 10.5.x, 9.11.16 and earlier versions 9.11.x, which stems from the fact that new tokens are not negotiated at the time of acceptance of the invitation, and may lead to the interception of invitations and passwords to send synchronized loads via RST API.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mattermost

Published

2025-07-18

Last Modified

2026-02-24

References

https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-6227