Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels
Vulnerability Description
Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing arbitrary post IDs in channels shared with that remote.. Mattermost Advisory ID: MMSA-2026-00689
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Mattermost 授权问题漏洞
Vulnerability Description
Mattermost是美国Mattermost公司开源的一个开源协作平台。 Mattermost存在授权问题漏洞,该漏洞源于未在共享通道入站同步处理器中验证帖子所有权,可能导致经过身份验证的远程集群通过引用与远程共享的通道中任意帖子ID的特制同步消息,修改或删除由本地用户或其他远程用户创作的帖子。以下版本受到影响:11.7.2及之前的11.7.x版本、11.6.4及之前的11.6.x版本、10.11.19及之前的10.11.x版本。
CVSS Information
N/A
Vulnerability Type
N/A