CVE-2025-27715
Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.
Vendor
Product
CWE
Yayın Tarihi
2025-03-21 09:15:13
Güncelleme
2025-03-27 15:01:03
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-