Mattermost Bookmark Metadata Exposure Vulnerability

Vulnerability

A vulnerability exists in Mattermost versions 10.5.x prior to 10.5.1 and 9.11.x prior to 9.11.9: the application does not verify whether a file has been deleted when a bookmark is created. An attacker who knows the IDs of deleted files can therefore retrieve metadata about those files through the bookmark creation process.
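The missing check described above, shown as an added example in Go. This is a simplified model, not Mattermost's code. It assumes files are soft-deleted through a `DeleteAt` timestamp; every type name, function name and sample record is hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// FileInfo is a hypothetical file record; deletion only sets DeleteAt.
type FileInfo struct {
	Name     string
	Size     int64
	DeleteAt int64 // 0 = live; otherwise deletion time in ms
}

// Bookmark is a hypothetical bookmark that echoes file metadata to its creator.
type Bookmark struct {
	FileID, FileName string
	FileSize         int64
}

var ErrFileNotFound = errors.New("file not found")
// store holds constructed sample data: one live and one soft-deleted file.
var store = map[string]FileInfo{
	"live01": {Name: "roadmap.pdf", Size: 1024},
	"gone01": {Name: "draft-budget.xlsx", Size: 2048, DeleteAt: 1717000000000},
}

// CreateBookmarkUnchecked models the flaw: a soft-deleted row still resolves.
func CreateBookmarkUnchecked(fileID string) (Bookmark, error) {
	f, ok := store[fileID]
	if !ok {
		return Bookmark{}, ErrFileNotFound
	}
	return Bookmark{FileID: fileID, FileName: f.Name, FileSize: f.Size}, nil
}

// CreateBookmarkChecked treats a deleted file exactly like an unknown ID.
func CreateBookmarkChecked(fileID string) (Bookmark, error) {
	f, ok := store[fileID]
	if !ok || f.DeleteAt != 0 {
		return Bookmark{}, ErrFileNotFound
	}
	return Bookmark{FileID: fileID, FileName: f.Name, FileSize: f.Size}, nil
}

func main() {
	fmt.Println(CreateBookmarkUnchecked("gone01")) // metadata of a deleted file
	fmt.Println(CreateBookmarkChecked("gone01"))   // empty bookmark, not found
}
```

Returning the same error for deleted and unknown IDs keeps the response from confirming that a given ID once existed.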

Impact

Exploitation of this vulnerability could lead to unauthorized access to metadata of deleted files, potentially including sensitive information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.0
exploitability: 4.8
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.