CVE-2025-47871
Essential information
- Published
- 30/06/2025 17:15
- Modified
- 30/06/2025 18:38
- Author
- —
- Creator
- —
- CVSS
- 4.3 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- LOW
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- LOW
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.
NVD status
- Status
- Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| mattermost / mattermost | cpe:2.3:a:mattermost:mattermost:10.5.0-10.5.5:*:*:*:*:*:*:* |
| mattermost / mattermost | cpe:2.3:a:mattermost:mattermost:9.11.0-9.11.15:*:*:*:*:*:*:* |
| mattermost / mattermost | cpe:2.3:a:mattermost:mattermost:10.8.0:*:*:*:*:*:*:* |
| mattermost / mattermost | cpe:2.3:a:mattermost:mattermost:10.7.0-10.7.2:*:*:*:*:*:*:* |
| mattermost / mattermost | cpe:2.3:a:mattermost:mattermost:10.6.0-10.6.5:*:*:*:*:*:*:* |