Primary

Context

Mattermost Path Traversal Vulnerability in Bulk Import File Attachments

Vulnerability

Patched

A path traversal vulnerability has been identified in Mattermost versions 10.8.x prior to 10.8.1, 10.7.x prior to 10.7.3, 10.5.x prior to 10.5.7, and 9.11.x prior to 9.11.16. This vulnerability arises because the application fails to properly sanitize input paths for file attachments in bulk import JSONL files. As a result, a system administrator could exploit this flaw to read arbitrary system files via path traversal.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing for further exploitation or information disclosure.

Remediation

Users can upgrade to Mattermost versions 10.9.0, 10.8.2, 10.7.4, 10.6.6, or 9.11.17 to address this vulnerability.

Added: Jul 18, 2025, 10:17 AM

Updated: Jul 18, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.3

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.3

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Path Traversal Vulnerability in Bulk Import File Attachments

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating