CVE-2025-41436

Source
https://cve.org/CVERecord?id=CVE-2025-41436
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41436.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-41436
Aliases
Published
2025-11-14T08:15:45.310Z
Modified
2026-03-13T03:10:29.799752Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting, which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "11.0.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41436.json"