Mattermost Server Agents Plugin Empty Request Body Vulnerability

Vulnerability

A vulnerability exists in Mattermost Server versions 10.5.x prior to 10.5.9 that use the Agents plugin. The issue arises because the server fails to properly reject empty request bodies. This flaw enables users to manipulate others into clicking on harmful links through post actions.
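A defensive pattern for the class of flaw described above, shown as an added example in Go (the language Mattermost Server is written in). It is not code from Mattermost or the Agents plugin; `actionRequest`, `decodeAction`, `statusFor`, the JSON field names and the `/action` path are hypothetical, and the request bodies are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// actionRequest is a hypothetical post-action payload, not the plugin's real type.
type actionRequest struct {
	PostID string `json:"post_id"`
	Action string `json:"action"`
}

// decodeAction fails closed: an empty body (io.EOF), malformed JSON, and bodies
// such as "{}" or "null" that decode cleanly but carry no fields are all rejected.
func decodeAction(r *http.Request) (*actionRequest, error) {
	var req actionRequest
	if err := json.NewDecoder(r.Body).Decode(&req); errors.Is(err, io.EOF) {
		return nil, errors.New("empty request body")
	} else if err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	if req.PostID == "" || req.Action == "" {
		return nil, errors.New("missing required field")
	}
	return &req, nil
}

// statusFor runs a constructed request body through a handler and returns the status.
func statusFor(body string) int {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := decodeAction(r); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
		}
	})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/action", strings.NewReader(body)))
	return rec.Code
}

func main() {
	for _, b := range []string{"", "{}", "null", `{"post_id":"p1","action":"ok"}`} {
		fmt.Printf("%q -> %d\n", b, statusFor(b))
	}
}
```

A handler that ignores the decoder's error would carry on with a zero-value struct for the first three inputs; checking both the error and the required fields is what turns them into a 400.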

Impact

Exploitation of this vulnerability could lead to unwanted actions being performed on behalf of the user, potentially including the execution of malicious links.

Remediation

Users can upgrade to Mattermost Server version 10.11.0 or 10.5.10 to address this vulnerability.

Added: Aug 21, 2025, 8:21 AM
Updated: Aug 21, 2025, 8:21 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 1.0
exploitability: 6.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.