icon

We found results for “

CVE-2025-27936

Good to know:

icon

Date: April 16, 2025

Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.

Severity Score

Severity Score

Weakness Type (CWE)

Observable Timing Discrepancy

CWE-208

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost/server/v8 - v8.0.0-20250314142426-c049748b8863;https://github.com/mattermost/mattermost-plugin-msteams.git - v2.2.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us