Количество 3
Количество 3
CVE-2025-13324
Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate as the remote cluster and perform limited actions on shared channels even after the invitation has been legitimately confirmed.
CVE-2025-13324
Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 1 ...
GHSA-x3r8-2hmh-89f5
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-13324 Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate as the remote cluster and perform limited actions on shared channels even after the invitation has been legitimately confirmed. | CVSS3: 3.7 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-13324 Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 1 ... | CVSS3: 3.7 | 0% Низкий | около 2 месяцев назад |
| GHSA-x3r8-2hmh-89f5 Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу