Mattermost
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*
- >= 10.5, <= 10.5.5
- >= 9.11, <= 9.11.15
- >= 10.8, <= 10.8.0
- >= 10.7, <= 10.7.2
- >= 10.6, <= 10.6.5
A vulnerability exists in Mattermost versions 10.5.x through 10.5.5, 9.11.x through 9.11.15, 10.8.x through 10.8.0, 10.7.x through 10.7.2, and 10.6.x through 10.6.5. The issue arises because these versions do not properly enforce permissions related to channel member management when adding participants to playbook runs. This flaw allows authenticated users with member-level permissions to circumvent system admin restrictions and manipulate user participation in private channels via the playbook run participants feature, even if the 'Manage Members' permission has been revoked. Consequently, this could result in unauthorized access to sensitive channel content and enable guest users to acquire channel management privileges.
Exploitation of this vulnerability could lead to unauthorized access to private channel content and allow guest users to gain management rights over channels.
Users can upgrade to Mattermost versions 10.9.0, 10.8.2, 10.7.4, 10.6.6, or 9.11.17 to address this vulnerability.
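The flaw described above is an authorization gap: adding someone to a playbook run has the side effect of adding them to the run's private channel, and that side effect was not gated on the channel's member-management permission. The following Go example is an added illustration of that pattern and its fix, written for this page; it is not Mattermost's code, and the type names, the permission identifier `manage_private_channel_members`, and the fixture data are all assumptions. It contrasts an unchecked participant-add with a hardened one that refuses to alter private channel membership unless the actor is a channel member who still holds the manage-members permission.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical permission name used for this example (not a Mattermost identifier).
const PermManagePrivateChannelMembers = "manage_private_channel_members"

var (
	ErrPermissionDenied = errors.New("permission denied: cannot manage private channel members")
	ErrNotChannelMember = errors.New("actor is not a member of the channel")
)

// Channel is a minimal stand-in for a chat channel; Members maps user ID -> present.
type Channel struct {
	ID      string
	Private bool
	Members map[string]bool
}

// Actor carries the effective permissions of the user performing the action.
type Actor struct {
	ID          string
	Permissions map[string]bool
}

// PlaybookRun is linked to exactly one channel; Participants maps user ID -> present.
type PlaybookRun struct {
	ID           string
	ChannelID    string
	Participants map[string]bool
}

// addParticipantUnchecked models the failure mode from the advisory: joining the
// run also joins the target to the linked private channel, and no
// channel-member-management permission is consulted.
func addParticipantUnchecked(actor Actor, targetID string, run *PlaybookRun, ch *Channel) error {
	run.Participants[targetID] = true
	ch.Members[targetID] = true // privileged side effect with no authorization check
	return nil
}

// addParticipantChecked is the hardened form: private channel membership changes
// only when the actor is a channel member holding the manage-members permission.
// Users who are already channel members may still be added to the run.
func addParticipantChecked(actor Actor, targetID string, run *PlaybookRun, ch *Channel) error {
	if run.ChannelID != ch.ID {
		return fmt.Errorf("run %s is not linked to channel %s", run.ID, ch.ID)
	}
	needsChannelAdd := ch.Private && !ch.Members[targetID]
	if needsChannelAdd {
		if !ch.Members[actor.ID] {
			return ErrNotChannelMember
		}
		if !actor.Permissions[PermManagePrivateChannelMembers] {
			return ErrPermissionDenied
		}
		ch.Members[targetID] = true
	}
	run.Participants[targetID] = true
	return nil
}

// newFixture builds constructed sample data: a private channel, a run linked to
// it, and an actor who is a channel member with or without the manage permission.
func newFixture(actorHasPerm bool) (Actor, *PlaybookRun, *Channel) {
	ch := &Channel{ID: "chan-1", Private: true, Members: map[string]bool{"alice": true}}
	run := &PlaybookRun{ID: "run-1", ChannelID: ch.ID, Participants: map[string]bool{"alice": true}}
	actor := Actor{ID: "alice", Permissions: map[string]bool{PermManagePrivateChannelMembers: actorHasPerm}}
	return actor, run, ch
}

func main() {
	actor, run, ch := newFixture(false) // manage-members permission revoked
	_ = addParticipantUnchecked(actor, "guest", run, ch)
	fmt.Println("unchecked: guest in private channel =", ch.Members["guest"])

	actor, run, ch = newFixture(false)
	err := addParticipantChecked(actor, "guest", run, ch)
	fmt.Println("checked:   err =", err, "| guest in private channel =", ch.Members["guest"])
}
```

The hardened path treats "add to run" and "add to channel" as separate authorization decisions, so revoking the manage-members permission actually blocks the channel side effect; a regression test that asserts the denied case, as in the fixture above, is the check to keep around after a fix like the one in the patched versions.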