GHSA-3vcm-c42p-3hhf: Mattermost Missing Authorization vulnerability

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
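The defect described above is an unsanitized user object crossing a trust boundary (local cluster to remote cluster). The Go example below is added here and is not Mattermost's own code: it uses a hypothetical `User` type to show the two controls a practitioner would want at that boundary, an allow-list projection (`ToSharedUser`) that can only carry public fields, and a boundary invariant (`CheckOutbound`) that serialises whatever is about to be sent and rejects it if a sensitive key survived, regardless of which code path built the object.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is a hypothetical local user record (not Mattermost's own type): the
// public profile plus data that must never leave the local cluster.
type User struct {
	Id        string `json:"id"`
	Username  string `json:"username"`
	Email     string `json:"email"`
	AuthData  string `json:"auth_data"`
	MfaSecret string `json:"mfa_secret"`
}

// SharedUser is the allow-list projection sent to a remote cluster during
// shared channel membership sync: a field not declared here cannot leak.
type SharedUser struct {
	Id       string `json:"id"`
	Username string `json:"username"`
}

// ToSharedUser builds the outbound object by copying only public fields.
func ToSharedUser(u User) SharedUser {
	return SharedUser{Id: u.Id, Username: u.Username}
}

// sensitiveKeys are JSON keys that must never appear in an outbound sync payload.
var sensitiveKeys = map[string]bool{"email": true, "auth_data": true, "mfa_secret": true}

// CheckOutbound is the cluster-boundary invariant: serialise what is about to be
// sent and reject it if any sensitive key survived, whatever code path built it.
func CheckOutbound(payload any) error {
	raw, err := json.Marshal(payload)
	if err != nil {
		return err
	}
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(raw, &fields); err != nil {
		return err
	}
	for key := range fields {
		if sensitiveKeys[key] {
			return fmt.Errorf("outbound sync payload contains sensitive field %q", key)
		}
	}
	return nil
}
```

Passing a raw `User` to `CheckOutbound` is rejected because its `email`, `auth_data` and `mfa_secret` keys are present in the serialised form; the `SharedUser` projection passes because those keys cannot exist on it.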

CVE: CVE-2025-9076

Mattermost Missing Authorization vulnerability

Moderate severity. GitHub Reviewed. Published to the GitHub Advisory Database Sep 15, 2025. Updated Sep 15, 2025.

Package: gomod github.com/mattermost/mattermost-server (Go)
Affected versions: >= 10.10.0, < 10.10.2

Package: gomod github.com/mattermost/mattermost/server/v8 (Go)
Affected versions: < 8.0.0-20250729073403-517ae758cd02
Patched versions: 8.0.0-20250729073403-517ae758cd02

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-9076
  • https://mattermost.com/security-updates

Published to the GitHub Advisory Database: Sep 15, 2025
Last updated: Sep 15, 2025
