CVE-2025-31947

Medium

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated…

Mattermost·CWE-645·Published 2025-05-15

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

259 chars

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

NVDen

259 chars

GHSAen

259 chars

NVDes

329 chars

Las versiones de Mattermost 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 no logran bloquear a los usuarios LDAP luego de repetidos fallos de inicio de sesión, lo que permite a los atacantes bloquear cuentas LDAP externas mediante repetidos fallos de inicio de sesión a través de Mattermost.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1	Secondary	NVD	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.1	Secondary	GHSA	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L