VDB

BIT-mattermost-2025-27715

BIT-mattermost-2025-27715 PUBLISHED CVSS 2.700000047683716 LOW

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

Risk Scores

CVSS v3.1
2.700000047683716
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Bitnamimattermost9.11.0, 9.11.0, 9.11.0

Timeline

  • Mar 28, 2025 CVE Published
  • Apr 3, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›