Missing Authentication for Critical Function Affecting github.com/mattermost/mattermost/server/v8/channels/api4 package, versions <9.11.9-rc1>=10.3.0-rc1 <10.3.4-rc1>=10.4.0-rc1 <10.4.3-rc1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Missing Authentication for Critical Function vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERV8CHANNELSAPI4-9523744
- published27 Mar 2025
- disclosed21 Mar 2025
- creditA_osman123
Introduced: 21 Mar 2025
NewCVE-2025-30179 Â (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade github.com/mattermost/mattermost/server/v8/channels/api4 to version 9.11.9-rc1, 10.3.4-rc1, 10.4.3-rc1 or higher.
Overview
github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle
Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication.