Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fmrg-1n1p-uffu
Summary Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges.
Aliases
0
alias CVE-2025-46702
1
alias GHSA-v8fr-vxmw-6mf6
Fixed_packages
0
url pkg:golang/github.com/mattermost/mattermost-server@0.0.0-20250513065225-4ae5d647fb88
purl pkg:golang/github.com/mattermost/mattermost-server@0.0.0-20250513065225-4ae5d647fb88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost-server@0.0.0-20250513065225-4ae5d647fb88
1
url pkg:golang/github.com/mattermost/mattermost/server/v8@8.0.0-20250513065225-4ae5d647fb88
purl pkg:golang/github.com/mattermost/mattermost/server/v8@8.0.0-20250513065225-4ae5d647fb88
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@8.0.0-20250513065225-4ae5d647fb88
2
url pkg:golang/github.com/mattermost/mattermost/server/v8@9.11.16
purl pkg:golang/github.com/mattermost/mattermost/server/v8@9.11.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@9.11.16
3
url pkg:golang/github.com/mattermost/mattermost/server/v8@10.5.6
purl pkg:golang/github.com/mattermost/mattermost/server/v8@10.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@10.5.6
4
url pkg:golang/github.com/mattermost/mattermost/server/v8@10.6.6
purl pkg:golang/github.com/mattermost/mattermost/server/v8@10.6.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@10.6.6
5
url pkg:golang/github.com/mattermost/mattermost/server/v8@10.7.3
purl pkg:golang/github.com/mattermost/mattermost/server/v8@10.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@10.7.3
6
url pkg:golang/github.com/mattermost/mattermost/server/v8@10.8.1
purl pkg:golang/github.com/mattermost/mattermost/server/v8@10.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/mattermost/mattermost/server/v8@10.8.1
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46702
reference_id
reference_type
scores
0
value 0.00213
scoring_system epss
scoring_elements 0.43976
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46702
1
reference_url https://github.com/mattermost/mattermost
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mattermost/mattermost
2
reference_url https://github.com/mattermost/mattermost/commit/31142f101e3cce6171e2b6cb4980a1aa8eaefae0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mattermost/mattermost/commit/31142f101e3cce6171e2b6cb4980a1aa8eaefae0
3
reference_url https://github.com/mattermost/mattermost/commit/4ae5d647fb8893d77dccbb57d114855939a775ce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mattermost/mattermost/commit/4ae5d647fb8893d77dccbb57d114855939a775ce
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46702
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46702
5
reference_url https://mattermost.com/security-updates
reference_id security-updates
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T20:48:59Z/
url https://mattermost.com/security-updates
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmrg-1n1p-uffu