
We found results for “”
CVE-2025-1472
Good to know:

Date: March 19, 2025
Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.
Severity Score
Severity Score
Weakness Type (CWE)
Incorrect Authorization
CWE-863Top Fix

Upgrade Version
Upgrade to version github.com/mattermost/mattermost-server - v9.11.9;https://github.com/mattermost/mattermost.git - v9.11.8
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |