CNNVD-202510-2383 Information

CNNVD ID

CNNVD-202510-2383

Related CVE

CVE-2025-54499

• CNNVD Published: 2025-10-16

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.10及之前的10.5.x版本和10.11.2及之前的10.11.x版本存在安全漏洞，该漏洞源于未使用恒定时间比较敏感字符串，可能导致攻击者通过响应时间分析对Cloud API密钥和OAuth客户端密钥进行逐字节暴力破解攻击。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.5.10 and earlier versions 10.5.x and 10.11.2 and earlier versions 10.11.x, which stems from the more sensitive strings of unused time, which may lead to violent byte decomposition of the attack by the attackers through response time analysis of the Claude API key and the OAuth client key.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mattermost

Published

2025-10-16

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/