CNNVD-202512-3983 Information
CNNVD ID
CNNVD-202512-3983
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 11.1.0及之前的11.1.x版本、11.0.5及之前的11.0.x版本、10.12.3及之前的10.12.x版本和10.11.7及之前的10.11.x版本存在安全漏洞,该漏洞源于Jira插件未强制执行身份验证和问题键路径限制,可能导致未经身份验证的攻击者通过特制插件有效载荷向Jira服务器发出经过身份验证的GET和POST请求。
Description (English)
Mattermost is an open-source collaborative platform for Mattermost in the United States. 11.1.0 and previous versions 11.1.x, 11.0.5 and previous versions 11.0.x, 10.12.3 and previous versions 10.12.x and 10.11.7 and previous versions 10.11.x have security loopholes, which stem from the unenforceable authentication and problem-key path limitations of the Jira plugin and may result in an unidentified attackor sending an authentication GET and POST request to the Jira server through a specially designed plugin payload.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Mattermost
Published
2025-12-22
Last Modified
2026-02-24
References
https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-14273
Patch
https://github.com/marshmallow-code/marshmallow/tags
Share on: