Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

Affected Packages

Go github.com/mattermost/mattermost/server/v8

Affected versions: 10.0 (fixed in 10.3.0)

Go github.com/mattermost/mattermost/server/v8

Affected versions: 0 (fixed in 8.0.0-20250102081831-64c566a8280b)

Related CVEs

CVE-2025-22445

Key Information

GHSA ID

GHSA-7rgp-4j56-fm79

Published

January 9, 2025 9:31 AM

Last Modified

January 9, 2025 6:15 PM

CVSS Score

2.5 /10

Primary Ecosystem

Primary Package

github.com/mattermost/mattermost/server/v8

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.