Upstream information
Description
Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
CNA (Mattermost) | |
---|---|
Base Score | 3.5 |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | Required |
Scope | Unchanged |
Confidentiality Impact | Low |
Integrity Impact | None |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- SUSE-SU-2025:0297-1, published 2025-01-30T14:03:41Z
- openSUSE-SU-2025:14644-1, published Wed Jan 15 18:50:27 2025
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.29 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.14 |
| |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-14644 |
SUSE Timeline for this CVE
CVE page created: Thu Jan 9 10:00:14 2025CVE page last modified: Sat Sep 6 12:42:16 2025