Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-24692

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month ago

Guest users can bypass read permissions via search API

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554

References

MMSA-2025-00554 vendor-advisory

Affected products

Mattermost

==11.2.3
==10.11.11
=<11.3.0
==11.3.1
=<10.11.10
==11.4.0
=<11.2.2

Matching in nixpkgs

pkgs.mattermost

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 10.11.12
- nixpkgs-unstable 10.11.12
- nixos-unstable-small 10.11.12
nixos-25.11 10.11.12
- nixos-25.11-small 10.11.12
- nixpkgs-25.11-darwin 10.11.12

pkgs.mattermostLatest

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle

nixos-unstable 11.5.1
- nixpkgs-unstable 11.5.1
- nixos-unstable-small 11.5.1
nixos-25.11 11.3.0
- nixos-25.11-small 11.3.0
- nixpkgs-25.11-darwin 11.3.0

pkgs.mattermost-desktop

Mattermost Desktop client

nixos-unstable 6.0.4
- nixpkgs-unstable 6.1.0
- nixos-unstable-small 6.1.0
nixos-25.11 6.0.4
- nixos-25.11-small 6.0.4
- nixpkgs-25.11-darwin 6.0.4

pkgs.python312Packages.mattermostdriver

Python Mattermost Driver

nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python313Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2
nixos-25.11 7.3.2
- nixos-25.11-small 7.3.2
- nixpkgs-25.11-darwin 7.3.2

pkgs.python314Packages.mattermostdriver

Python Mattermost Driver

nixos-unstable 7.3.2
- nixpkgs-unstable 7.3.2
- nixos-unstable-small 7.3.2

Package maintainers

@Kranzes Ilan Joselevich <personal@ilanjoselevich.com>
@fsagbuya Florian Agbuya <fa@m-labs.ph>
@numinit Morgan Jones <me+nixpkgs@numin.it>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@mgdelacroix Miguel de la Cruz <mgdelacroix@gmail.com>
@liff Olli Helenius <liff@iki.fi>
@jokogr Ioannis Koutras <ioannis.koutras@gmail.com>
@globin Robin Gloster <mail@glob.in>