
CVE-2025-9076
Good to know:


Date: September 15, 2025
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
Severity Score
Weakness Type (CWE)
Missing Authorization
CWE-862

Top Fix

Upgrade Version
Upgrade to version:

- github.com/mattermost/mattermost - v10.10.2
- github.com/mattermost/mattermost/server/v8 - v8.0.0-20250729073403-517ae758cd02
- github.com/mattermost/mattermost-server - v10.10.2

CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | NONE |