Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 6.5 Go

Mattermost Missing Authorization vulnerability

GHSA-3vcm-c42p-3hhf · CVE-2025-9076 · GO-2025-3950

Published · Modified

Description

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes