Mattermost
Moderate fix5 remedies
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*
Moderate fix5 remedies
- >= 11.1.0, <= 11.1.0
- >= 11.0.0, <= 11.0.5
- >= 10.12.0, <= 10.12.3
- >= 10.11.0, <= 10.11.7
Mattermost Channel Membership Validation Vulnerability in Jira Plugin Allowing Unauthorized Post Access
Vulnerability
Patched
A vulnerability exists in Mattermost versions 11.1.x through 11.1.0, 11.0.x through 11.0.5, 10.12.x through 10.12.3, and 10.11.x through 10.11.7. The issue arises because the application fails to properly validate user channel membership when posts are attached as comments to Jira issues. This flaw enables an authenticated attacker with access to the Jira plugin to read post content and attachments from channels to which they do not have access.
Impact
Exploitation of this vulnerability allows unauthorized access to channel posts and attachments, bypassing channel membership restrictions.
Remediation
Users can upgrade to Mattermost versions 11.2.0, 11.1.0, 10.12.4, or 10.11.8 to address this vulnerability.
Added: Dec 24, 2025, 8:17 AM
Updated: Dec 24, 2025, 8:17 AM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
2.5exploitability
5.2remediation
7.7relevance
1.5threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.