CVE-2025-1792 - CERT CVE
ID CVE-2025-1792
Sažetak Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.
Reference
CVSS
Base: 3.1
Impact: 1.4
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Zadnje važnije ažuriranje 30-05-2025 - 16:31
Objavljeno 30-05-2025 - 15:15