CNNVD-202509-3165 Information
CNNVD ID
CNNVD-202509-3165
Related CVE
- CNNVD Published: 2025-09-21
Description (Chinese)
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.8.3及之前的10.8.x版本、10.5.8及之前的10.5.x版本、9.11.17及之前的9.11.x版本、10.10.1及之前的10.10.x版本和10.9.3及之前的10.9.x版本存在安全漏洞,该漏洞源于未验证导入目录路径配置,可能导致管理员用户通过恶意插件上传执行任意代码。
Description (English)
Mattermost is an open-source collaborative platform for Mattermost in the United States. Mattermust 10.8.x and earlier versions 10.8.3, 10.5.8 and earlier versions 10.5.x, 9.11.17 and earlier versions 9.11.x, 10.10.1 and earlier versions 10.10.x and 10.9.x and earlier versions 10.9.3 have security loopholes, which stem from unverified directory path configurations, which may lead to admin users uploading random codes through malicious plugs.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Matthias Van Woensel
Published
2025-09-21
Last Modified
2026-02-24
References
https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-9079
Patch
https://mattermost.com/security-updates/
Share on: