Primary

Context

Mattermost Denial-of-Service Vulnerability via Improper Post Type Validation

Vulnerability

A denial-of-service vulnerability has been identified in Mattermost versions 10.2.0, 9.11.x through 9.11.5, 10.0.x through 10.0.3, and 10.1.x through 10.1.3. The issue arises from the application's failure to properly validate post types, allowing attackers to disrupt service for users with the 'sysconsole_read_plugins' permission. This is achieved by creating a post with the 'custom_pl_notification' type and specific properties.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition for affected users.

Remediation

Users can upgrade to Mattermost version 10.9.010.5.69.11.1610.8.110.7.310.6.6 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Denial-of-Service Vulnerability via Improper Post Type Validation

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating