Primary

Context

Mattermost Channel Export Access Control Vulnerability

Vulnerability

A vulnerability exists in Mattermost versions 10.1.x through 10.1.3, 10.4.x through 10.4.1, 9.11.x through 9.11.7, 10.3.x through 10.3.2, and 10.2.x through 10.2.2. These versions fail to properly restrict the export of archived channel contents when the 'Allow users to view archived channels' setting is disabled. As a result, users can export channel contents from archived channels they should not have access to.

Impact

Exploitation of this vulnerability allows unauthorized access to exported contents of archived channels, violating intended access controls.

Remediation

Users are advised to update to the latest version of Mattermost. Specific update instructions can be found in the Mattermost documentation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Channel Export Access Control Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating