4.3
CVE-2025-2564
- EPSS 0.18%
- Veröffentlicht 16.04.2025 16:12:14
- Zuletzt bearbeitet 29.09.2025 21:13:11
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Unauthorized View Access to Archived Channel Member Info
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version >= 9.11.0 < 9.11.10
Mattermost ≫ Mattermost Server Version >= 10.4.0 < 10.4.4
Mattermost ≫ Mattermost Server Version >= 10.5.0 < 10.5.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.4 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.