Mattermost Prompt Injection Vulnerability in AI Plugin's Jira Tool Allowing Data Exfiltration

Vulnerability

A vulnerability exists in Mattermost versions 10.4.x through 10.4.2, 10.5.x through 10.5.0, and 9.11.x through 9.11.9. These versions fail to properly restrict the domains that the AI plugin can contact, enabling an authenticated user to exfiltrate data from any server accessible to the victim. This is achieved by injecting prompts that manipulate the AI plugin's behavior in relation to Jira.

Impact

Exploitation of this vulnerability allows for unauthorized data exfiltration from servers accessible to the victim.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Prompt Injection Vulnerability in AI Plugin's Jira Tool Allowing Data Exfiltration

Vulnerability

Impact

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating