CNNVD-202510-2391 Information
CNNVD ID
CNNVD-202510-2391
Related CVE
- CNNVD Published: 2025-10-16
Description (Chinese)
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.10及之前的10.5.x版本和10.11.2及之前的10.11.x版本存在安全漏洞,该漏洞源于未能正确验证访客用户权限,可能导致访客用户通过/api/v4/teams/team_id/channels/ids端点发现活动公共频道及其元数据。
Description (English)
Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.5.10 and earlier versions 10.5.x and 10.11.2 and earlier versions 10.11.x, which stems from the failure to correctly verify visitor user privileges and may lead to the discovery of the public channel and its metadata by visitors via/api/v4/teams/team id/channels/ids endpoint.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Mattermost
Published
2025-10-16
Last Modified
2026-02-24
References
https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-41443
Patch
https://mattermost.com/security-updates/
Share on: