Mattermost Server 10.4.x < 10.4.3 / 10.3.x < 10.3.4 /9.11.x < 9.11.9 / 10.5.x < 10.5.1 (MMSA-2025-00432)

The version of Mattermost Server installed on the remote host is prior to 10.4.4 / 10.3.4 / 9.11.9 / 10.5.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00432 advisory. - Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail t...

CVE-2025-24920

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels...

CVE-2025-24920

creationtimestamp| type| source ---|---|--- 2025-03-21 11:48:01+00:00| seen| https://t.me/cvedetector/20803 2025-03-21 13:23:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkvcp4uo5q26 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...

CVE-2025-24920

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels...

CVE-2025-24920

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels...

CVE-2025-24920

CVE-2025-24920 concerns Mattermost Server where versions 9.11.x ≤ 9.11.8, 10.3.x ≤ 10.3.3, 10.4.x ≤ 10.4.2, and 10.5.x ≤ 10.5.0 fail to restrict bookmark creation and updates in archived channels. The result is that authenticated users can create or update bookmarks within archived channels (per ...

CVE-2025-24920 Unauthorized Bookmark Creation and Modification in Archived Channels

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels...

CVE-2025-24920 Unauthorized Bookmark Creation and Modification in Archived Channels

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels...