BIT-mattermost-2025-27933

BIT-mattermost-2025-27933 PUBLISHED CVSS 4.300000190734863 MEDIUM

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Bitnami	mattermost	9.11.0, 10.3.0, 9.11.0

Timeline

Mar 28, 2025 CVE Published
Apr 3, 2025 CVE Updated

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2025-27933 url

Open in Interactive Console →