Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-6226

Опубликовано: 18 июл. 2025
Источник: debian
EPSS Низкий

Описание

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mattermost-serveritppackage

EPSS

Процентиль: 7%
0.00032
Низкий

Связанные уязвимости

CVSS3: 6.5
nvd
около 1 месяца назад

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.

CVSS3: 6.5
github
около 1 месяца назад

Mattermost Missing Authentication for Critical Function

EPSS

Процентиль: 7%
0.00032
Низкий