CNNVD-202510-2386 Information

CNNVD ID

CNNVD-202510-2386

CVE-2025-41410

  • CNNVD Published: 2025-10-16

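Description (translated from Chinese)

Mattermost is an open-source collaboration platform from Mattermost, a US company. Mattermost 10.10.x versions up to and including 10.10.2, 10.5.x versions up to and including 10.5.10, and 10.11.x versions up to and including 10.11.2 contain a security vulnerability. The vulnerability stems from email ownership not being verified during the Slack import process, which may allow an attacker to use malicious Slack import data to create verified user accounts with arbitrary email domains, bypassing email-based team access restrictions.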

Description (English)

Mattermost is an open-source collaboration platform developed by the US company Mattermost. A security vulnerability exists in Mattermost 10.10.2 and earlier 10.10.x versions, 10.5.10 and earlier 10.5.x versions, and 10.11.2 and earlier 10.11.x versions. It originates from the lack of verification of email ownership during the Slack import process and may lead to an attacker creating verified user accounts for any email domain through malicious Slack import data, circumventing email-based team access restrictions.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Mattermost

Published

2025-10-16

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/security-updates/
