Mattermost Group Access Permission Vulnerability in Versions 10.5.x and 9.11.x

Vulnerability

A vulnerability exists in Mattermost versions 10.5.x through 10.5.2 and 9.11.x through 9.11.11, where the application fails to properly verify user permissions when accessing group information. This flaw allows an attacker to retrieve group details via an API request.

Impact

Exploitation of this vulnerability could lead to unauthorized access to group information, potentially allowing attackers to gather sensitive data about group activities or members.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Group Access Permission Vulnerability in Versions 10.5.x and 9.11.x

Vulnerability

Impact

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating