Primary

Context

Mattermost User Permission Vulnerability in Boards Feature Allowing Unauthorized File Access and Subscriptions

Vulnerability

Patched

A vulnerability exists in Mattermost versions 10.11.x through 10.11.4 and 10.5.x through 10.5.12, where the application fails to properly validate user permissions when accessing files and subscribing to blocks in the Boards feature. This flaw enables an authenticated user to access files from other users' boards and subscribe to blocks on those boards, even without the necessary permissions.

Impact

Exploitation of this vulnerability allows for unauthorized access to files uploaded by other users and the ability to subscribe to blocks on boards without having the appropriate access rights.

Remediation

Users can upgrade to Mattermost versions 11.1.010.11.510.5.13 or 11.1.010.11.5 to address this vulnerability.

Added: Dec 2, 2025, 10:20 AM

Updated: Dec 2, 2025, 6:03 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost User Permission Vulnerability in Boards Feature Allowing Unauthorized File Access and Subscriptions

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating