NIXPKGS-2026-0261

GitHub issue published on

Permalink CVE-2025-14350

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month, 4 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 4 weeks ago
@LeSuisse ignored
4 packages
- mattermost-desktop
- python312Packages.mattermostdriver
- python313Packages.mattermostdriver
- python314Packages.mattermostdriver
1 month, 4 weeks ago
@LeSuisse deleted
5 maintainers
- @fsagbuya
- @Kranzes
- @numinit
- @mgdelacroix
- @ryantm
1 month, 4 weeks ago maintainer.delete
@LeSuisse accepted 1 month, 4 weeks ago
@LeSuisse published on GitHub 1 month, 4 weeks ago

Information disclosure via channel mentions in posts

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the channel_mentions property in the API response. Mattermost Advisory ID: MMSA-2025-00563

References

MMSA-2025-00563 vendor-advisory
MMSA-2025-00563 vendor-advisory

Affected products

Mattermost

==11.2.2
=<11.1.2
=<11.2.1
==11.1.3
==10.11.10
==11.3.0
=<10.11.9

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.10
- nixpkgs-unstable 10.11.10
- nixos-unstable-small 10.11.10
nixos-25.11 10.11.10
- nixos-25.11-small 10.11.10
- nixpkgs-25.11-darwin 10.11.10

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.4.0
- nixpkgs-unstable 11.4.0
- nixos-unstable-small 11.4.0
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

Ignored packages (4)

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.0.4
- nixos-unstable-small 6.0.4
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

Ignored maintainers (5)

@fsagbuya Florian Agbuya <fa@m-labs.ph>
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>

Fixed in:
* Unstable: https://github.com/NixOS/nixpkgs/pull/480349 / https://github.com/NixOS/nixpkgs/pull/478724
* 25.11: https://github.com/NixOS/nixpkgs/pull/480574 / https://github.com/NixOS/nixpkgs/pull/479561

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0261

References

Affected products

Matching in nixpkgs

pkgs.mattermost

pkgs.mattermostLatest

pkgs.mattermost-desktop

pkgs.python312Packages.mattermostdriver

pkgs.python313Packages.mattermostdriver

pkgs.python314Packages.mattermostdriver

Package maintainers