Publish Advisories

GHSA-fmqf-pmcm-8cx9
GHSA-rmq4-3p8m-qj5r
GHSA-vww6-79rv-3j4x

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-fmqf-pmcm-8cx9/GHSA-fmqf-pmcm-8cx9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fmqf-pmcm-8cx9",
+  "modified": "2025-12-24T09:30:22Z",
+  "published": "2025-12-24T09:30:22Z",
+  "aliases": [
+    "CVE-2025-13767"
+  ],
+  "details": "Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13767"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T08:15:45Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-rmq4-3p8m-qj5r/GHSA-rmq4-3p8m-qj5r.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rmq4-3p8m-qj5r",
+  "modified": "2025-12-24T09:30:22Z",
+  "published": "2025-12-24T09:30:22Z",
+  "aliases": [
+    "CVE-2025-57840"
+  ],
+  "details": "ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57840"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.honor.com/global/security/cve-2025-57840"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T07:16:09Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-vww6-79rv-3j4x/GHSA-vww6-79rv-3j4x.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vww6-79rv-3j4x",
+  "modified": "2025-12-24T09:30:22Z",
+  "published": "2025-12-24T09:30:22Z",
+  "aliases": [
+    "CVE-2025-64641"
+  ],
+  "details": "Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affected posts",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64641"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T08:15:46Z"
+  }
+}