{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T03:20:14.085","vulnerabilities":[{"cve":{"id":"CVE-2025-27936","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2025-04-16T10:15:14.797","lastModified":"2026-01-14T14:29:28.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison."},{"lang":"es","value":"Las versiones &lt;2.1.0 de Mattermost Plugin MSTeams y las versiones 10.5.x &lt;=10.5.1 de Mattermost Server con el complemento MS Teams habilitado no pueden realizar una comparación de tiempo constante en un secreto de webhook del complemento MSTeams, lo que permite que un atacante recupere el secreto de webhook del complemento MSTeams a través de un ataque de tiempo durante la comparación del secreto de webhook."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-208"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionEndExcluding":"10.5.2","matchCriteriaId":"2DE93CBC-B6CE-4E53-8F2E-2E7994AD9E9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:ms_teams:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.0","matchCriteriaId":"871A9BE2-E180-45D7-B126-345AE4280A0B"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}