PT-2025-21273 · Mattermost · Mattermost

John Landells

·

Publicado

2025-04-15

·

Atualizado

2025-05-26

·

CVE-2025-31947

CVSS v3.1

5.8

Média

VetorAV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 10.6.1
Description: The issue allows attackers to lock external LDAP accounts through repeated login failures due to Mattermost's failure to lock out LDAP users following repeated login failures.
Recommendations: For Mattermost versions 9.11.x through 10.6.1, update to a version that includes a fix for this issue to prevent LDAP account lockout bypass.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-645

Identificadores relacionados

BDU:2025-16010
CVE-2025-31947
GHSA-QGWX-RFFP-6CX9
GO-2025-3692
OPENSUSE-SU-2025:15159-1

Produtos afetados

Mattermost