CVE-2025-24920

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24920
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
History

27 Mar 2025, 14:10

Type Values Removed Values Added
Summary
  • (es) Las versiones de Mattermost 10.4.x &lt;= 10.4.2, 10.3.x &lt;= 10.3.3, 9.11.x &lt;= 9.11.8, 10.5.x &lt;= 10.5.0 no restringen la creación y actualización de marcadores en canales archivados, lo que permite que los usuarios autenticados creen o actualicen marcadores en canales archivados.
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
First Time Mattermost
Mattermost mattermost Server

21 Mar 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-21 09:15

Updated : 2025-03-27 14:10

NVD link : CVE-2025-24920

Mitre link : CVE-2025-24920

CVE.ORG link : CVE-2025-24920

JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-863

Incorrect Authorization