Mattermost LDAP Group ID Attribute Validation Vulnerability Allowing Filter Injection

Vulnerability

A vulnerability exists in Mattermost versions 10.7.x up to and including 10.7.1, 10.6.x up to and including 10.6.3, 10.5.x up to and including 10.5.4, and 9.11.x up to and including 9.11.13. The server fails to properly validate the LDAP group ID attribute value before building an LDAP search filter from it, which allows an authenticated administrator who holds the permission for the 'PUT /api/v4/ldap/groups/{remote_id}/link' API to perform LDAP search filter injection through the {remote_id} value when 'objectGUID' is configured as the Group ID Attribute. The point to note is that objectGUID is a 16-byte binary attribute: a filter for it must carry the GUID as escaped raw bytes, so a value that is not a well-formed GUID has no business reaching the filter at all.
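
The following Go program is an added illustration, not Mattermost's code, of the class of bug the advisory describes. It assumes, for the sake of the example, a filter of the shape `(&(objectClass=group)(<groupIDAttr>=<remote_id>))` built by string interpolation; the real Mattermost filter and its fix are not shown on this page, and the function names (`buildFilterUnsafe`, `buildFilterSafe`, `guidToFilterValue`) are hypothetical. It shows how an unescaped `remote_id` rewrites the filter logic, then the two defences a practitioner would apply: RFC 4515 escaping of filter values in general, and, when the attribute is objectGUID, strict validation of the GUID string followed by conversion to the `\xx` byte escapes LDAP expects for a binary attribute (Active Directory stores the first three GUID fields little-endian, which the conversion accounts for).

```go
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// buildFilterUnsafe interpolates remote_id verbatim. This is the vulnerable
// pattern, kept deliberately: "*)(cn=*" turns the AND into three clauses and
// the filter now matches every group in the directory.
func buildFilterUnsafe(groupIDAttr, remoteID string) string {
	return fmt.Sprintf("(&(objectClass=group)(%s=%s))", groupIDAttr, remoteID)
}

// escapeFilterValue applies RFC 4515 escaping: backslash, '*', '(', ')', NUL
// and any non-ASCII byte are emitted as \xx so they cannot alter filter syntax.
func escapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == '\\' || c == '*' || c == '(' || c == ')' || c == 0 || c >= 0x80 {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// guidRe accepts only the canonical 8-4-4-4-12 hex form of a GUID.
var guidRe = regexp.MustCompile(`^([0-9a-fA-F]{8})-([0-9a-fA-F]{4})-([0-9a-fA-F]{4})-([0-9a-fA-F]{4})-([0-9a-fA-F]{12})$`)

func reverse(b []byte) {
	for i, j := 0, len(b)-1; i < j; i, j = i+1, j-1 {
		b[i], b[j] = b[j], b[i]
	}
}

// guidToFilterValue validates the GUID string and returns the 16 raw bytes of
// the objectGUID value, each escaped as \xx. Anything that is not a GUID is
// rejected before it can reach the filter.
func guidToFilterValue(guid string) (string, error) {
	m := guidRe.FindStringSubmatch(guid)
	if m == nil {
		return "", fmt.Errorf("remote_id %q is not a well-formed GUID", guid)
	}
	raw, err := hex.DecodeString(strings.Join(m[1:], ""))
	if err != nil {
		return "", err
	}
	// Microsoft GUID byte order: the first three fields are little-endian.
	reverse(raw[0:4])
	reverse(raw[4:6])
	reverse(raw[6:8])
	var b strings.Builder
	for _, c := range raw {
		fmt.Fprintf(&b, "\\%02x", c)
	}
	return b.String(), nil
}

// buildFilterSafe is the hardened counterpart: objectGUID values must parse as
// a GUID and are emitted as escaped bytes; every other attribute value is
// RFC 4515-escaped.
func buildFilterSafe(groupIDAttr, remoteID string) (string, error) {
	var value string
	if strings.EqualFold(groupIDAttr, "objectGUID") {
		v, err := guidToFilterValue(remoteID)
		if err != nil {
			return "", err
		}
		value = v
	} else {
		value = escapeFilterValue(remoteID)
	}
	return fmt.Sprintf("(&(objectClass=group)(%s=%s))", groupIDAttr, value), nil
}

func main() {
	// Constructed inputs: an injection payload and a syntactically valid GUID.
	fmt.Println("unsafe:", buildFilterUnsafe("objectGUID", "*)(cn=*"))
	for _, id := range []string{"*)(cn=*", "01234567-89ab-cdef-0123-456789abcdef"} {
		f, err := buildFilterSafe("objectGUID", id)
		fmt.Printf("safe %q -> %q (err: %v)\n", id, f, err)
	}
}
```

The check to carry over to any LDAP integration is the one `buildFilterSafe` encodes: decide per attribute what a legal value looks like, reject anything else with an error, and never let the caller's string touch the filter grammar. Escaping alone would have stopped the injection here, but for a binary attribute such as objectGUID an escaped arbitrary string is still a wrong query; validating the GUID gives the server a value it can actually look up.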

Impact

Because the attribute value is interpolated into the LDAP search filter, an administrator who is permitted to link groups can change the filter's logic with characters such as '*', '(' and ')'. Depending on the injected filter, the link operation may match and bind a directory group other than the one named by remote_id, or return directory objects the filter was never meant to select, so the impact is manipulation of LDAP group linking and potential disclosure of directory data. The precondition is an authenticated administrator, which limits the exposure to privilege misuse rather than an unauthenticated attack.

Remediation

Upgrade to Mattermost version 10.9.0, 10.8.0, 10.7.2, 10.6.6, or 9.11.14 to address this vulnerability. Until the upgrade is applied, review which accounts hold the permission to call 'PUT /api/v4/ldap/groups/{remote_id}/link' and audit LDAP group link changes for remote_id values that are not well-formed GUIDs.

Added: Jun 11, 2025, 11:16 AM
Updated: Jun 11, 2025, 11:16 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.