Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-1792

Опубликовано: 30 мая 2025
Источник: debian
EPSS Низкий

Описание

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mattermost-serveritppackage

EPSS

Процентиль: 9%
0.00032
Низкий

Связанные уязвимости

nvd логотип

CVE-2025-1792

CVSS3: 3.1
nvd
8 месяцев назад

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.

github логотип

GHSA-hc6v-386m-93pq

CVSS3: 3.1
github
8 месяцев назад

Mattermost fails to properly enforce access controls for guest users

EPSS

Процентиль: 9%
0.00032
Низкий