Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-27715

Опубликовано: 21 мар. 2025
Источник: debian

Описание

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mattermost-serveritppackage

Связанные уязвимости

nvd логотип

CVE-2025-27715

CVSS3: 3.3
nvd
11 месяцев назад

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

github логотип

GHSA-cw7q-5cgc-h3h9

CVSS3: 3.3
github
11 месяцев назад

Mattermost fail to prompt for explicit approval before adding a team admin to a private channel