CVE-2025-20033

Published Jan 9, 2025

Last updated a month ago

CVSS medium 4.3

Overview

Description
Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props.
Source
responsibledisclosure@mattermost.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

responsibledisclosure@mattermost.com
CWE-1287

Social media

Hype score
Not currently trending

  1. CVE-2025-20033 Denial of Service in Mattermost via Improper Post Type Validation In Mattermost versions 10.2.0, 9.11.x up to 9.11.5, 10.0.x up to 10.0.3, and 10.1.x up to 10.1.3, there is an issue with how post t... https://t.co/ZJaHLCTL5j

    @VulmonFeeds

    9 Jan 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References