Nixpkgs security tracker

Dismissed

Permalink CVE-2025-14435

6.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 2 months, 4 weeks ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 4 weeks ago
@LeSuisse ignored
5 packages
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- mattermost-desktop
- mattermostLatest
- mattermost
2 months, 4 weeks ago
@LeSuisse restored
2 packages
- mattermostLatest
- mattermost
2 months, 4 weeks ago
@LeSuisse dismissed 2 months, 4 weeks ago

Application-Level DoS via infinite re-render loop in user profile handling

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

References

https://mattermost.com/security-updates

Affected products

Mattermost

=<11.1.1
==11.0.7
==11.1.2
==11.2.0
==10.11.9
=<11.0.6
=<10.11.8

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.8
- nixpkgs-unstable 10.11.7
- nixos-unstable-small 10.11.8

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.0.5
- nixpkgs-unstable 11.0.5
- nixos-unstable-small 11.0.5

Ignored packages (3)

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 5.13.1
- nixpkgs-unstable 5.13.1
- nixos-unstable-small 5.13.1

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

pkgs.python313Packages.mattermostdriver