Mattermost Improper Permission Validation Vulnerability Allowing Unauthorized Modifications to System Administrators

Vulnerability

A vulnerability exists in Mattermost versions 10.5.x through 10.5.1, 10.4.x through 10.4.3, and 9.11.x through 9.11.9. The affected versions fail to properly restrict certain operations on system administrator accounts: a user who holds delegated granular administration rights together with the 'Edit Other Users' permission can make unauthorized changes to system admin accounts. The root cause is inadequate permission validation, which could be exploited to disrupt administrative functions or manipulate admin accounts.
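The flaw described above is a missing privilege-boundary check: a generic "edit other users" permission is honoured without asking whether the target account outranks the actor. The following Go program is an added illustration written for this page; it is not Mattermost's code, and the role names, permission name (edit_other_users), user model and function names are all assumptions. It places the flawed check beside a corrected one and adds a reason string so denied attempts against system admins can be audited.

```go
package main

import "fmt"

// Permission names are assumptions for this example, not Mattermost identifiers.
type Permission string

const (
	// Granular permission that lets a delegated admin edit other accounts.
	PermEditOtherUsers Permission = "edit_other_users"
)

// User is a minimal account model: an ID, a system-admin flag and the set of
// granular permissions delegated to the account.
type User struct {
	ID          string
	SystemAdmin bool
	Perms       map[Permission]bool
}

// Has reports whether the user holds a granular permission. System admins hold
// every permission implicitly.
func (u *User) Has(p Permission) bool {
	return u.SystemAdmin || u.Perms[p]
}

// canEditUserVulnerable models the flawed check described in the advisory: the
// only gate is the generic "edit other users" permission, so a delegated admin
// who holds it can modify a system administrator's account.
func canEditUserVulnerable(actor, target *User) bool {
	if actor.ID == target.ID {
		return true // editing your own profile is always allowed
	}
	return actor.Has(PermEditOtherUsers)
}

// Decision records an authorization outcome in a form suitable for an audit log.
type Decision struct {
	Allowed bool
	Reason  string
}

// authorizeEdit is the corrected check: the generic permission is still
// required, but when the target is a system admin the actor must be one too.
// The reason string lets denied attempts against sysadmins be logged and alerted on.
func authorizeEdit(actor, target *User) Decision {
	switch {
	case actor.ID == target.ID:
		return Decision{true, "self-edit"}
	case !actor.Has(PermEditOtherUsers):
		return Decision{false, "missing edit_other_users permission"}
	case target.SystemAdmin && !actor.SystemAdmin:
		return Decision{false, "non-sysadmin attempted to modify a sysadmin account"}
	default:
		return Decision{true, "delegated edit permitted"}
	}
}

// canEditUserFixed is the boolean form of the corrected check.
func canEditUserFixed(actor, target *User) bool {
	return authorizeEdit(actor, target).Allowed
}

// Constructors for the three account kinds used in the demonstration (constructed sample data).
func newSystemAdmin(id string) *User {
	return &User{ID: id, SystemAdmin: true, Perms: map[Permission]bool{}}
}

func newDelegatedAdmin(id string) *User {
	return &User{ID: id, Perms: map[Permission]bool{PermEditOtherUsers: true}}
}

func newRegularUser(id string) *User {
	return &User{ID: id, Perms: map[Permission]bool{}}
}

func main() {
	sysadmin := newSystemAdmin("sysadmin")
	delegated := newDelegatedAdmin("delegated-admin")
	member := newRegularUser("member")

	cases := []struct{ actor, target *User }{
		{delegated, sysadmin}, {delegated, member}, {member, sysadmin}, {sysadmin, delegated},
	}
	for _, c := range cases {
		d := authorizeEdit(c.actor, c.target)
		fmt.Printf("%-16s -> %-16s vulnerable=%-5v fixed=%-5v (%s)\n",
			c.actor.ID, c.target.ID, canEditUserVulnerable(c.actor, c.target), d.Allowed, d.Reason)
	}
}
```

The first row of the printed table is the case from the advisory: the delegated admin is allowed by the vulnerable check and denied by the fixed one. The denial reason is the line worth forwarding to a SIEM, since a non-sysadmin repeatedly hitting that branch is a signal that delegated rights are being probed.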

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of system administrator accounts, potentially allowing for abuse of admin privileges or disruption of administrative tasks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          3.1
impact          2.5
exploitability  5.2
remediation     0.0
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.