PT-2026-28421 · Mattermost · Mattermost
Mufeedvh
·
Publicado
2026-03-26
·
Atualizado
2026-03-27
·
CVE-2026-3112
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.x through 10.11.11
Mattermost versions 11.2.x through 11.2.3
Mattermost versions 11.3.x through 11.3.1
Mattermost versions 11.4.x through 11.4.0
Description
The software does not properly validate file target paths for Advanced Logging. This allows system administrators to potentially read arbitrary host files through a malicious AdvancedLoggingJSON configuration when generating support packets.
Recommendations
Mattermost versions 10.11.x through 10.11.11 should be updated.
Mattermost versions 11.2.x through 11.2.3 should be updated.
Mattermost versions 11.3.x through 11.3.1 should be updated.
Mattermost versions 11.4.x through 11.4.0 should be updated.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mattermost