
CVE-2025-30179
Good to know:

Date: March 21, 2025
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.
Severity Score
Weakness Type (CWE)
Incorrect Authorization
CWE-863
Top Fix

Upgrade Version
Upgrade to version v10.5.1, v10.4.3, v10.3.4 or v9.11.9 (https://github.com/mattermost/mattermost.git)
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |