PT-2025-42445 · Mattermost · Mattermost

Doyensec

Publicado

2025-10-16

Atualizado

2025-11-07

CVE-2025-58073

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.10 Mattermost versions 10.10.x through 10.10.2 Mattermost versions 10.11.x through 10.11.1

Description The Mattermost software has an issue where user permissions are not properly verified when joining a team using an invite token. This is due to manipulation of the OAuth state parameter. An attacker can bypass team membership restrictions and join any team on a Mattermost server without authorization.

Recommendations Update Mattermost versions to a version later than 10.5.10 Update Mattermost versions to a version later than 10.10.2 Update Mattermost versions to a version later than 10.11.1

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

BDU:2025-13336

CVE-2025-58073

GHSA-6Q7M-P8CC-998R

GO-2025-4032

OPENSUSE-SU-2025:15710-1

Produtos afetados

Mattermost

PT-2025-42445 · Mattermost · Mattermost

CVE-2025-58073

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 91