Primary

Context

Mattermost Server Shared Channel Membership Synchronization User Data Exposure Vulnerability

Vulnerability

Patched

A vulnerability exists in Mattermost Server versions 10.10.x prior to 10.10.1, where user data is not properly sanitized during shared channel membership synchronization. This flaw allows malicious or compromised remote clusters to access sensitive user information through unsanitized user objects. The issue affects Mattermost Server instances with shared channels enabled.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information.

Remediation

Users can upgrade to Mattermost Server version 10.11.0 to address this vulnerability.

Added: Sep 15, 2025, 10:18 AM

Updated: Sep 15, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Server Shared Channel Membership Synchronization User Data Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Mattermost Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating