VYPR
Low severityNVD Advisory· Published Apr 14, 2025· Updated Apr 14, 2025

Leaked Metadata of Deleted Files via Bookmark Creation

CVE-2025-2424

Description

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
>= 10.5.0, < 10.5.210.5.2
github.com/mattermost/mattermost/server/v8Go
>= 9.11.0, < 9.11.109.11.10
github.com/mattermost/mattermost/server/v8Go
< 8.0.0-20250213231113-68c11e9ecb718.0.0-20250213231113-68c11e9ecb71

Affected products

11

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.