Mattermost Privilege Escalation Vulnerability When Converting Users to Bots

Vulnerability

A vulnerability exists in Mattermost versions 9.11.x prior to 9.11.6 and 10.4.x prior to 10.4.1: when a user account is converted to a bot, the account's active sessions are not invalidated. Because those sessions survive the conversion, the newly converted bot inherits permissions that could be misused, depending on the rights granted to the bot, which allows privilege escalation.
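The behaviour the fix restores, shown as an added example that is not Mattermost's own code: a hypothetical in-memory account and session store in Go, in which converting a user to a bot revokes every session that user held in the same step. All type and function names here are assumptions for illustration.

```go
package main

import "errors"

// Account is a minimal, hypothetical account record (not Mattermost's schema).
type Account struct {
	ID    string
	Roles []string
	IsBot bool
}

// Store is a constructed in-memory store mapping session tokens to accounts.
type Store struct {
	accounts map[string]*Account
	sessions map[string]string // session token -> account ID
}

func NewStore() *Store {
	return &Store{accounts: map[string]*Account{}, sessions: map[string]string{}}
}

func (s *Store) AddAccount(a *Account)              { s.accounts[a.ID] = a }
func (s *Store) CreateSession(token, accountID string) { s.sessions[token] = accountID }

// RevokeAllSessions drops every session belonging to accountID and returns the count.
// Deleting from a map while ranging over it is safe in Go.
func (s *Store) RevokeAllSessions(accountID string) int {
	n := 0
	for tok, id := range s.sessions {
		if id == accountID {
			delete(s.sessions, tok)
			n++
		}
	}
	return n
}

// ConvertUserToBot is the hardened variant: the account flag flips and the
// old user sessions are revoked together, so no pre-conversion session survives.
// It returns the number of sessions revoked.
func (s *Store) ConvertUserToBot(accountID string) (int, error) {
	a, ok := s.accounts[accountID]
	if !ok || a.IsBot {
		return 0, errors.New("account not found or already a bot")
	}
	a.IsBot = true
	return s.RevokeAllSessions(accountID), nil
}

// ActiveSessions counts live sessions for an account. The same query is a useful
// detection check: a bot account that still holds sessions is a warning sign.
func (s *Store) ActiveSessions(accountID string) int {
	n := 0
	for _, id := range s.sessions {
		if id == accountID {
			n++
		}
	}
	return n
}
```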

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain elevated rights and access within the Mattermost application.

Remediation

Users are advised to upgrade to Mattermost versions 9.11.6 or 10.4.1.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.