Mattermost Bulk Export Permission Vulnerability Allowing Unauthorized Access to Exported Data

Vulnerability

A vulnerability exists in Mattermost versions 11.4.x through 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11. These versions fail to properly set permissions on downloaded bulk exports, allowing other local users on the server to access the contents of these exports. This issue could lead to unauthorized data exposure.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data contained in bulk exports, potentially leading to privacy violations or misuse of information.

Remediation

Users can upgrade to Mattermost versions 11.5.0 or 11.6.0 to address this vulnerability.
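One way to check export files already saved on a server for the permission problem described above, as an added example (not Mattermost's code): it lists regular files that group or other users can access, removes those bits, and shows a creation pattern that yields mode 0600. The directory and file names are constructed placeholders; point find_exposed at wherever your exports were written.

```python
import os
import stat
import tempfile

# Permission bits that grant anything to users other than the file owner.
NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO


def write_private(path, data):
    """Create a new file readable and writable by its owner only (0600)."""
    # O_EXCL refuses to reuse a file someone else may have pre-created.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # exact mode, independent of the process umask
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def find_exposed(root):
    """Return sorted (path, mode) pairs for files group/other can access."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of root
            if stat.S_ISREG(st.st_mode) and st.st_mode & NON_OWNER_BITS:
                exposed.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(exposed)


def restrict(path):
    """Clear every group and other bit while keeping the owner bits."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~NON_OWNER_BITS)


def demo():
    """Constructed sample: one export saved as 0644, one saved privately."""
    with tempfile.TemporaryDirectory() as root:
        loose = os.path.join(root, "export_loose.zip")  # placeholder name
        with open(loose, "wb") as fh:
            fh.write(b"constructed sample data")
        os.chmod(loose, 0o644)  # readable by every local user
        write_private(os.path.join(root, "export_private.zip"), b"sample")
        before = [(os.path.basename(p), m) for p, m in find_exposed(root)]
        restrict(loose)
        return before, find_exposed(root)


if __name__ == "__main__":
    print(demo())
```

The check covers file modes only; a parent directory that other users cannot traverse also blocks access, so review directory permissions alongside it.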

Added: Mar 26, 2026, 5:25 PM
Updated: Mar 26, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 3.6
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.