4 matches found
LDAP Injection
Mattermost is vulnerable to LDAP Injection. The vulnerability is due to improper validation due to failure to sanitize LDAP group ID attributes in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...
GHSA-4R67-4X4P-FPRG Mattermost allows authenticated administrator to execute LDAP search filter injection
Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...
Mattermost allows authenticated administrator to execute LDAP search filter injection
Mattermost versions 10.7.x = 10.7.1, 10.6.x = 10.6.3, 10.5.x = 10.5.4, 9.11.x = 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT...
CVE-2025-4573
Mattermost LDAP issue (CVE-2025-4573): 10.5.x–10.7.x and 9.11.x up to 9.11.13 fail to validate LDAP group ID attributes. An authenticated administrator with PermissionSysconsoleWriteUserManagementGroups can trigger LDAP search filter injection via PUT /api/v4/ldap/groups/{remote_id}/link when obj...