CNNVD-202509-2256 Information
CNNVD ID
CNNVD-202509-2256
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞,该漏洞源于未正确验证链接元数据的缓存键,可能导致经过身份验证的用户通过FNV-1哈希冲突攻击访问未经授权的帖子和毒化链接预览。以下版本受到影响:10.8.3及之前的10.8.x版本、10.5.8及之前的10.5.x版本、9.11.17及之前的9.11.x版本、10.10.1及之前的10.10.x版本和10.9.3及之前的10.9.x版本。
Description (English)
Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Matermost, which stems from the failure to correctly verify the cache key of linked metadata, which may lead to unauthorized postage and poison link previews being accessed by an identified user through the FNV-1 Hashi conflict. The following versions were affected: 10.8.3 and earlier 10.8.x, 10.5.8 and earlier 10.5.x, 9.11.17 and earlier 9.11.x, 10.10.1 and earlier 10.10.x and 10.9.3 and earlier 10.9.x.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Matthias Van Woensel
Published
2025-09-15
Last Modified
2026-02-24
References
https://mattermost.com/security-updates
Patch
https://mattermost.com/security-updates/
Share on: