CNNVD-202510-2387 Information

CNNVD ID

CNNVD-202510-2387

Related CVE

CVE-2025-10545

• CNNVD Published: 2025-10-16

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.10及之前的10.5.x版本和10.11.2及之前的10.11.x版本存在安全漏洞，该漏洞源于未能正确验证访客用户权限，可能导致访客用户通过/api/v4/channels/{channel_id}/members端点将任意团队成员添加到其私有频道。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.5.10 and previous versions 10.5.x and 10.11.2 and previous versions 10.11.x, which stems from the failure to correctly validate visitor user privileges and may lead visitors to add any member of the team to their private channels by/api/v4/channels/{channel id}/members endpoint.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mattermost

Published

2025-10-16

Last Modified

2026-02-24

References

https://mattermost.com/security-updates

Patch

https://mattermost.com/security-updates/