Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/06/13 11:7 a.m.4 views

CVE-2025-4573

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS4.6AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/06/11 11:15 a.m.24 views

CVE-2025-4573

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2025/06/11 10:22 a.m.60 views

CVE-2025-4573

Mattermost LDAP issue (CVE-2025-4573): 10.5.x–10.7.x and 9.11.x up to 9.11.13 fail to validate LDAP group ID attributes. An authenticated administrator with PermissionSysconsoleWriteUserManagementGroups can trigger LDAP search filter injection via PUT /api/v4/ldap/groups/{remote_id}/link when obj...

4.1CVSS4.7AI score0.00236EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/11 10:22 a.m.8 views

CVE-2025-4573 LDAP Injection in Mattermost Enterprise Edition When Using Active Directory

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS7.5AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/11 10:22 a.m.24 views

CVE-2025-4573 LDAP Injection in Mattermost Enterprise Edition When Using Active Directory

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS0.00236EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 10:22 a.m.5 views

CVE-2025-4573 LDAP Injection in Mattermost Enterprise Edition When Using Active Directory

Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...

4.1CVSS6AI score0.00236EPSS
Exploits0References3
Rows per page
Query Builder