LDAP Injection
Mattermost is vulnerable to LDAP injection. The vulnerability stems from a failure to sanitize LDAP group ID attributes in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...
Mattermost allows authenticated administrator to execute LDAP search filter injection
Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...
GHSA-4R67-4X4P-FPRG Mattermost allows authenticated administrator to execute LDAP search filter injection
CVE-2025-4573
Mattermost LDAP issue (CVE-2025-4573): 10.5.x–10.7.x and 9.11.x up to 9.11.13 fail to validate LDAP group ID attributes. An authenticated administrator with PermissionSysconsoleWriteUserManagementGroups can trigger LDAP search filter injection via PUT /api/v4/ldap/groups/{remote_id}/link when obj...