CVE-2025-41443
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpoint
Vendor
Product
CWE
Yayın Tarihi
2025-10-16 08:15:35
Güncelleme
2025-10-29 08:15:30
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-