GHSA-hc6v-386m-93pq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hc6v-386m-93pq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-hc6v-386m-93pq/GHSA-hc6v-386m-93pq.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hc6v-386m-93pq
- Aliases
-
- CVE-2025-1792
- GO-2025-3730
- Published
- 2025-05-30T15:30:32Z
- Modified
- 2025-06-03T18:44:26.381695Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Mattermost fails to properly enforce access controls for guest users
- Details
-
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.
- Database specific
{ "nvd_published_at": "2025-05-30T15:15:40Z", "github_reviewed": true, "github_reviewed_at": "2025-05-30T18:48:20Z", "severity": "LOW", "cwe_ids": [ "CWE-863" ] }- References
Affected packages
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8