Security Advisory

CVE-2025-11777

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-13 17:32:03
Last updated 2025-11-13 18:01:46
Assigner Mattermost
State PUBLISHED

Description

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint