CVE-2026-3112
MEDIUM6.8EPSS 0.02%Mattermost allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration
發布日:2026/3/26修改日:2026/3/31
描述
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost Advisory ID: MMSA-2025-00562.
受影響套件(1)
- Go/github.com/mattermost/mattermost/server/v8>= 11.4.0-rc1, < 11.4.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |