CNNVD-202510-2380 Information

CNNVD ID

CNNVD-202510-2380

Related CVE

CVE-2025-58075

• CNNVD Published: 2025-10-16

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.11.1及之前的10.11.x版本、10.10.2及之前的10.10.x版本和10.5.10及之前的10.5.x版本存在安全漏洞，该漏洞源于未验证用户是否具有使用原始邀请令牌加入Mattermost团队的权限，可能导致攻击者通过操纵RelayState绕过限制加入任意团队。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mattermost 10.1.1 and earlier versions 10.11.x, 10.10.x.2 and earlier versions 10.10.x and 10.5.10 and earlier versions 10.5.x, which stems from the failure to verify whether the user has the authority to use the original invitation token to join the Matermost team, which could lead the attackers to join the arbitrary team by manipulating Relay State to bypass the restriction.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mattermost

Published

2025-10-16

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/