Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-3113
5.0 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
mmctl export download command doesn’t restrict permissions to created file to file owner
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export.. Mattermost Advisory ID: MMSA-2026-00593
References
-
MMSA-2026-00593 vendor-advisory
Affected products
Mattermost
- =<10.11.11
- =<11.3.1
- ==11.5.0
- =<11.2.3
- =<11.4.0
- ==11.4.1
- ==10.11.12
- ==11.2.4
- ==11.3.2
Matching in nixpkgs
pkgs.mattermost
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermostLatest
Mattermost is an open source platform for secure collaboration across the entire software development lifecycle
pkgs.mattermost-desktop
Mattermost Desktop client
pkgs.python312Packages.mattermostdriver
Python Mattermost Driver
pkgs.python313Packages.mattermostdriver
Python Mattermost Driver
pkgs.python314Packages.mattermostdriver
Python Mattermost Driver
Package maintainers
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
-
@ryantm Ryan Mulligan <ryan@ryantm.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
-
@liff Olli Helenius <liff@iki.fi>
-
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
-
@globin Robin Gloster <mail@glob.in>