cbcvebase.
CVE-2025-24526
published 2025-02-24

CVE-2025-24526: Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access to it

Affected

19 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 10.2.0-rc1+incompatible < 10.2.3+incompatible10.2.3+incompatible
github.commattermost_mattermost-server>= 10.3.0-rc1+incompatible < 10.3.3+incompatible10.3.3+incompatible
github.commattermost_mattermost-server>= 10.4.0-rc1+incompatible < 10.4.2+incompatible10.4.2+incompatible
github.commattermost_mattermost-server>= 9.11.0-rc1+incompatible < 9.11.8+incompatible9.11.8+incompatible
github.commattermost_mattermost_server_v8>= 0 < 8.0.0-20250110161910-96195f1bd7468.0.0-20250110161910-96195f1bd746
github.commattermost_mattermost_server_v8>= 10.2.0-rc1 < 10.2.310.2.3
github.commattermost_mattermost_server_v8>= 10.3.0-rc1 < 10.3.310.3.3
github.commattermost_mattermost_server_v8>= 10.4.0-rc1 < 10.4.210.4.2
github.commattermost_mattermost_server_v8>= 9.11.0-rc1 < 9.11.89.11.8
mattermostmattermost10.1.0 – 10.1.3
mattermostmattermost10.2.0 – 10.2.2
mattermostmattermost10.3.0 – 10.3.2
mattermostmattermost10.4.0 – 10.4.1
mattermostmattermost9.11.0 – 9.11.7
mattermostmattermost_server>= 10.1.0 < 10.1.410.1.4
mattermostmattermost_server>= 10.2.0 < 10.2.310.2.3
mattermostmattermost_server>= 10.3.0 < 10.3.310.3.3
mattermostmattermost_server>= 10.4.0 < 10.4.210.4.2
mattermostmattermost_server>= 9.11.0 < 9.11.89.11.8