Mattermost Server 10.7.0 Release Candidate 2
Approved changes feed: RSS · Atom
cpe:2.3:a:mattermost:mattermost_server:10.7.0:rc2:*:*:*:*:*:*
part: a version: 10.7.0 update: rc2
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Mattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/mattermost/mattermost-server |
purl2cpe | 2026-06-01 10:18:19.891824 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-3611 |
vulnerable | 2026-06-03 15:01:05.189503 |
Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
LOW (3.1)
Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with 'No access' to Teams in the System Console.
Published: 2025-05-30T14:22:09.854Z
Updated: 2025-05-30T14:37:42.109Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.