PT-2026-25759 · Mattermost · Mattermost

0X7Oda7123

Published: 2026-02-13

Updated: 2026-03-27

CVE-2026-24692

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.11.0 through 10.11.10
Mattermost versions 11.2.0 through 11.2.2
Mattermost version 11.3.0

Description

Mattermost does not correctly enforce read permissions in the search API endpoints. This allows guest users without read permissions to access posts and files in channels by making requests to the search API. The specific vulnerable endpoints and parameter are not specified.

Recommendations

Mattermost versions 10.11.0 through 10.11.10 should be updated.
Mattermost versions 11.2.0 through 11.2.2 should be updated.
Mattermost version 11.3.0 should be updated.

Fix

Improper Access Control

Incorrect Authorization


Weakness Enumeration

Related identifiers

BDU:2026-06561
CVE-2026-24692
GHSA-CWFJ-642J-GFH4
GO-2026-4745
SUSE-SU-2026:1135-1

Affected products

Mattermost