Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-36530

Опубликовано: 21 авг. 2025
Источник: debian

Описание

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mattermost-serveritppackage

Связанные уязвимости

nvd логотип

CVE-2025-36530

CVSS3: 6.8
nvd
6 месяцев назад

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions.

github логотип

GHSA-gq3r-5833-5532

CVSS3: 6.8
github
6 месяцев назад

Mattermost Fails to Validate File Paths