Mattermost Denial-of-Service Vulnerability in Playbooks Plugin RetrospectivePost Custom Post Type

Vulnerability

A denial-of-service vulnerability has been identified in the Mattermost Playbooks plugin, specifically within versions 10.4.x prior to 10.4.2, 10.5.x prior to 10.5.0, and 9.11.x prior to 9.11.10. The issue arises because these versions do not properly validate the properties used by the RetrospectivePost custom post type. This lack of validation allows an attacker to create a post with maliciously crafted properties, leading to a denial-of-service condition that affects the web application for all users.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the web application, impacting all users.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.