CVE-2025-24526

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-24526

CGA ID

CGA-pc24-78v6-7mf7

Severity

4.3

Medium

CVSS V3

Summary

Mattermost fails to restrict channel export of archived channels

Description

Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access to it

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2025-24526

Severity

Summary

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources