CNNVD-202509-2252 Information

CNNVD ID

CNNVD-202509-2252

Related CVE

CVE-2025-9072

• CNNVD Published: 2025-09-15

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.10.1及之前的10.10.x版本、10.5.9及之前的10.5.x版本和10.9.4及之前的10.9.x版本存在安全漏洞，该漏洞源于未验证redirect_to参数，可能导致攻击者通过特制链接窃取用户cookie。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.10.1 and earlier versions 10.10.x, 10.5.9 and earlier versions 10.5.x and 10.9.4 and earlier versions 10.9.x, which originates from unverified redirect to parameters and may lead to the attacker stealing the user cookies through a special link.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Matthias Van Woensel

Published

2025-09-15

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/security-updates/