Mattermost Frontend Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Mattermost versions 10.2.0, 9.11.5, 10.0.3, and 10.1.3. The issue arises because these versions do not properly validate the style of proto supplied to an action's style in post.props.attachments. This flaw allows an attacker to crash the frontend by sending crafted malicious input.

Impact

Exploitation of this vulnerability leads to a crash of the Mattermost frontend.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.