Update: 413 files - 2026-03-24 03:45:07

This commit is contained in:
hao
2026-03-24 03:45:08 -07:00
parent cd808b4358
commit 1e447fe97f
413 changed files with 23191 additions and 9255 deletions


@@ -5,14 +5,14 @@
- 系统 ID: `mattermost`
- 分类: `platforms`
- 覆盖策略: `rolling-24m`
- 总案例数: `21`
- 近 30 天新增/更新: `20`
- 重点 Markdown 案例数: `21`
- 总案例数: `31`
- 近 30 天新增/更新: `30`
- 重点 Markdown 案例数: `31`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `21`
- 最近渲染时间: `2026-03-23T09:54:10+00:00`
- 待人工/缺浏览器证据: `31`
- 最近渲染时间: `2026-03-24T09:18:19+00:00`
## 目标约束
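Review bot: The summary counters in this hunk raise 总案例数 (total cases) from `21` to `31` while both 已实证 (verified) lines stay at `0` and 待人工/缺浏览器证据 (pending manual review / missing browser evidence) rises from `21` to `31`, so every case on the page is still unverified. Ten more generated cases are being published with no change in verification coverage; consider saying so explicitly in the summary, or holding the new cases back until the pending count no longer equals the total.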
@@ -34,8 +34,18 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Issue Identifier | `severity` | `generated` | `triage-manual` | `synthetic` | `official` | `Fix Release Date` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-issue-identifier.md) |
| Mattermost fails to validate user's authentication method when processing account auth type switch | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-19T19:31:20.982512Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md) |
| MMSA-2025-00553 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) |
| Mattermost fails to validate user's authentication method when processing account auth type switch | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:23.696710Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-22545.md) |
| Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:08.125706Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2455.md) |
| Mattermost fails to properly enforce read permissions in search API endpoints | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:55:57.125165Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24692.md) |
| Mattermost fails to use consistent error responses when handling the /mute command | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:15.398070Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-21386.md) |
| Mattermost fails to validate team-specific upload_file permissions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:04.837800Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) |
| Mattermost allows a removed team member to enumerate all public channels within a private team | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:02.455815Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2458.md) |
| Mattermost fails to filter invite IDs based on user permissions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:08.610141Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2463.md) |
| Mattermost fails to preserve the redacted state of burn-on-read posts during deletion | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:01.583567Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2578.md) |
| Mattermost fails to properly handle very long passwords | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:03.732922Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24458.md) |
| Mattermost allows attackers to spoof permalink embeds | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:18.286997Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2457.md) |
| Mattermost fails to bound memory allocation when processing DOC files | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:18.467718Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-25780.md) |
| Mattermost fails to bound memory allocation when processing PSD image files | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:08.918090Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-26246.md) |
| MMSA-2026-00574 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md) |
| MMSA-2026-00603 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md) |
| MMSA-2026-00624 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00624.md) |
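Review bot: The two rows that link to `mattermost-cve-2026-4265.md` disagree: the `MMSA-2025-00553` row carries `medium` and `official`, while the "fails to validate team-specific upload_file permissions" row carries `low` and `ecosystem-authority`. If the second row replaces the first, the table drops the vendor advisory ID and lowers the severity for the same case file, so keep the MMSA identifier and the `official` rating, or record why the lower rating wins. Every `ecosystem-authority` row in this hunk is `low`, which is worth confirming as sourced rather than a default. Separately, the first data row (`Issue Identifier`, `severity`, `Fix Release Date`) looks like a header row from the upstream table ingested as a case, and all links use the absolute local path `/Users/x/websafe/...`, which exposes the author's directory layout and will not resolve for other readers; relative links would avoid that.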