Upstream information
Description
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to publicSUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CNA (Mattermost) | National Vulnerability Database | |
|---|---|---|
| Base Score | 5.4 | 4.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | Low | None |
| Integrity Impact | Low | Low |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2025:14937-1, published Sat Mar 29 18:50:22 2025
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-14937 |
SUSE Timeline for this CVE
CVE page created: Fri Mar 21 12:00:03 2025CVE page last modified: Sat Apr 5 01:07:41 2025