CVE-2025-24866
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 / Impact: 1.4
Source: responsibledisclosure@mattermost.com (Secondary)
Description
Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.
Affected (1)
Products: Mattermost: Mattermost Server
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 9.11.0 to 9.11.9 |
References (1)
Timeline
No history available yet.