PT-2025-12411 · Mattermost · Mattermost

Mrhashimamin

·

Publicado

2025-03-21

·

Atualizado

2025-03-28

·

CVE-2025-27933

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Mattermost versions 9.11.x through 9.11.8 Mattermost versions 10.3.x through 10.3.3 Mattermost versions 10.4.x through 10.4.2
Description The issue arises from the failure to enforce channel conversion restrictions. This allows members with permission to convert public channels to private ones to also convert private channels to public, potentially exposing sensitive information.
Recommendations For versions 9.11.x through 9.11.8, update to a version that enforces channel conversion restrictions. For versions 10.3.x through 10.3.3, update to a version that enforces channel conversion restrictions. For versions 10.4.x through 10.4.2, update to a version that enforces channel conversion restrictions.

Correção

LPE

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BIT-MATTERMOST-2025-27933
CVE-2025-27933
GHSA-H5V9-XW2G-7HRQ
GO-2025-3556
OPENSUSE-SU-2025:14937-1

Produtos afetados

Mattermost