Home
MEDIUM: 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NDefault status
unaffected
11.4.0 (semver)
affected
11.3.0 (semver)
affected
11.2.0 (semver)
affected
10.11.0 (semver)
affected
11.5.0
unaffected
11.4.1
unaffected
11.3.2
unaffected
11.2.4
unaffected
10.11.12
unaffected
Description
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562
Problem types
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
11.4.0 (semver)
11.3.0 (semver)
11.2.0 (semver)
10.11.0 (semver)
11.5.0
11.4.1
11.3.2
11.2.4
10.11.12
Credits
mufeedvh
References
mattermost.com/security-updates (MMSA-2025-00562)