Primary

Context

Mattermost Comment Deletion Permission Vulnerability in Boards

Vulnerability

Patched

A vulnerability exists in Mattermost versions 11.0.x through 11.0.2, 10.12.x through 10.12.1, 10.11.x through 10.11.4, and 10.5.x through 10.5.12. These versions fail to properly validate user permissions when comments are deleted in Boards. This flaw allows an authenticated user with editor privileges to remove comments made by other users.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of comments in Boards, potentially disrupting communication and collaboration.

Remediation

Users can upgrade to Mattermost versions 11.2.0, 11.1.0, 10.12.2, 10.11.7, or 10.5.13 to address this vulnerability.

Added: Dec 1, 2025, 8:21 PM

Updated: Dec 1, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Comment Deletion Permission Vulnerability in Boards

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating