Headline

GHSA-x3hx-ch7p-8xgg: Mattermost allows regular users to access archived channel content and files

Mattermost versions < 11.0 fail to properly enforce the “Allow users to view archived channels” setting which allows regular users to access archived channel content and files via the “Open in Channel” functionality from followed threads

4 days ago

ghsa

Open in Source

#git #perl

GitHub Advisory Database
GitHub Reviewed
CVE-2025-41436

Mattermost allows regular users to access archived channel content and files

Low severity GitHub Reviewed Published Nov 14, 2025 to the GitHub Advisory Database • Updated Nov 17, 2025

Package

gomod github.com/mattermost/mattermost-server (Go)

Affected versions

< 11.0.0-alpha.1

Patched versions

11.0.0-alpha.1

gomod github.com/mattermost/mattermost/server/v8 (Go)

< 8.0.0-20250815165020-c8d66301415d

8.0.0-20250815165020-c8d66301415d

Description

Published to the GitHub Advisory Database

Nov 14, 2025

Last updated

Nov 17, 2025

ghsa: Latest News

GHSA-7xcv-9j6c-2fmc: Modular Max Serve has Unsafe Deserialization vulnerability

7 hours ago

ghsa

GHSA-8c52-x9w7-vc95: XWiki view file macro: User can view content of office file without view rights on the attachment

9 hours ago

ghsa

GHSA-6pmj-xjxp-p8g9: LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

10 hours ago

ghsa

GHSA-ffpg-gm3h-4p5p: Backdrop CMS Host Header Injection vulnerability

10 hours ago

ghsa

GHSA-mhpg-hpj5-73r2: Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels

10 hours ago

ghsa