CVE-2026-3115

MEDIUM4.3EPSS 0.01%

Mattermost allows authenticated guest users to enumerate user IDs outside their allowed visibility scope

發布日:2026/3/26修改日:2026/3/31

描述

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint. Mattermost Advisory ID: MMSA-2026-00594.

受影響套件(1)

Go/github.com/mattermost/mattermost/server/v8>= 11.4.0, < 11.4.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-3115
PATCHhttps://github.com/mattermost/mattermost
WEBhttps://mattermost.com/security-updates