Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-14573

3.8 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months ago

Team Admin Bypass of Invite Permissions via allow_open_invite Field

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

References

MMSA-2025-00561 vendor-advisory

Affected products

Mattermost

==11.3.0
==10.11.10
=<10.11.9

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.10
- nixpkgs-unstable 10.11.10
- nixos-unstable-small 10.11.10
nixos-25.11 10.11.10
- nixos-25.11-small 10.11.10
- nixpkgs-25.11-darwin 10.11.10

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.4.0
- nixpkgs-unstable 11.4.0
- nixos-unstable-small 11.4.0
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.0.4
- nixos-unstable-small 6.0.4
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>