Channel Metadata Access Issue in Mattermost by Mattermost
CVE-2025-27571
4.3MEDIUM
What is CVE-2025-27571?
Certain versions of Mattermost have a flaw that permits authenticated users to access metadata of posts in archived channels, bypassing the 'Allow Users to View Archived Channels' setting. This issue arises during the retrieval of channel metadata when the channels are archived. The affected versions include Mattermost 10.5.x up to 10.5.1, 10.4.x up to 10.4.3, and 9.11.x up to 9.11.9. It is crucial for users of Mattermost to review their versions and apply necessary updates to mitigate this vulnerability.
Affected Version(s)
Mattermost 10.5.0 <= 10.5.1
Mattermost 10.4.0 <= 10.4.3
Mattermost 9.11.0 <= 9.11.9