CVE-2025-11776
Published 2025-11-14
Medium, 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Mattermost versions <11 fail to properly restrict access to the archived channel search API, which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost | >= 0 < 5.3.2-0.20250815165020-c8d66301415d | 5.3.2-0.20250815165020-c8d66301415d |
| github.com | mattermost_mattermost-server | >= 0 < 5.3.2-0.20250815165020-c8d66301415d | 5.3.2-0.20250815165020-c8d66301415d |
| github.com | mattermost_mattermost-server_v5 | >= 0 < 5.3.2-0.20250815165020-c8d66301415d | 5.3.2-0.20250815165020-c8d66301415d |
| github.com | mattermost_mattermost-server_v6 | >= 0 < 5.3.2-0.20250815165020-c8d66301415d | 5.3.2-0.20250815165020-c8d66301415d |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20250815165020-c8d66301415d | 8.0.0-20250815165020-c8d66301415d |
| mattermost | mattermost | <= <11 | — |
| mattermost | mattermost_server | < 11.0.0 | 11.0.0 |