NIXPKGS-2026-0261
GitHub issue
published on 17 Feb 2026
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 4 packages
  - mattermost-desktop
  - python312Packages.mattermostdriver
  - python313Packages.mattermostdriver
  - python314Packages.mattermostdriver
- @LeSuisse removed 5 maintainers
  - @fsagbuya
  - @Kranzes
  - @numinit
  - @mgdelacroix
  - @ryantm
- @LeSuisse accepted
- @LeSuisse published on GitHub
Information disclosure via channel mentions in posts
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the channel_mentions property in the API response. Mattermost Advisory ID: MMSA-2025-00563
Affected products
Mattermost
- =<10.11.9
- ==11.3.0
- ==11.1.3
- =<11.1.2
- ==11.2.2
- =<11.2.1
- ==10.11.10
Matching in nixpkgs
pkgs.mattermost
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
Package maintainers
Ignored maintainers (5)
- @fsagbuya Florian Agbuya <fa@m-labs.ph>
- @Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
- @numinit Morgan Jones <me+nixpkgs@numin.it>
- @mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
- @ryantm Ryan Mulligan <ryan@ryantm.com>