Mattermost GitLab Plugin Command Permission Vulnerability Allowing Uninstallation and Webhook Setup

Vulnerability

The Mattermost GitLab plugin, in versions prior to 11.5, 11.1.5, 10.13.11, and 11.3.4.0, fails to validate the caller's permissions when processing slash commands. Because the command handler does not confirm that the requesting user is authorized before acting on administrative subcommands, a regular (non-admin) user can uninstall a plugin instance or set up a webhook connection with the "/gitlab instance {option}" or "/gitlab webhook {option}" commands.
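The flaw is an authorization check missing from a slash-command dispatcher. The following Go example is added here and is not the plugin's own code: it models a "/gitlab" dispatcher that routes privileged subcommands without asking who the caller is, beside one that gates those subcommands on a system-admin check made once, at the entry point. The subcommand options ("install", "uninstall", "add"), the injected isSystemAdmin callback standing in for the server's permission API, and every identifier are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Added example, not the Mattermost GitLab plugin's own code. It models the bug
// class only: a slash-command dispatcher that reaches privileged actions without
// checking the caller, beside a dispatcher that enforces an admin requirement.

// isSystemAdmin stands in for the permission lookup a real plugin makes through
// the server API; it is injected so the example runs offline.
type isSystemAdmin func(userID string) bool

// Subcommands that change integration-wide state. The "instance" and "webhook"
// groups are named in the advisory; the specific options are assumed here.
var privileged = map[string]bool{
	"instance install":   true,
	"instance uninstall": true,
	"webhook add":        true,
}

// splitCommand reduces "/gitlab <group> [action] [args...]" to a dispatch key
// ("<group> <action>", or just "<group>" for single-word subcommands) plus args.
func splitCommand(cmd string) (key string, args []string, ok bool) {
	fields := strings.Fields(cmd)
	if len(fields) < 2 || fields[0] != "/gitlab" {
		return "", nil, false
	}
	if len(fields) == 2 {
		return fields[1], nil, true
	}
	return fields[1] + " " + fields[2], fields[3:], true
}

// execute is the shared, trusting back end: once reached, the action happens.
func execute(key string, args []string) string {
	return fmt.Sprintf("executed %q with args %v", key, args)
}

// handleCommandVulnerable mirrors the flaw: any authenticated user who can type
// the command reaches execute, including for privileged subcommands. The admin
// callback is accepted but never consulted.
func handleCommandVulnerable(cmd, userID string, _ isSystemAdmin) (string, bool) {
	key, args, ok := splitCommand(cmd)
	if !ok {
		return "unknown command", false
	}
	return execute(key, args), true
}

// handleCommandFixed denies privileged subcommands to non-admins at the single
// dispatch point, so no individual subcommand handler can forget the check.
func handleCommandFixed(cmd, userID string, admin isSystemAdmin) (string, bool) {
	key, args, ok := splitCommand(cmd)
	if !ok {
		return "unknown command", false
	}
	if privileged[key] && !admin(userID) {
		return "you do not have permission to run /gitlab " + key, false
	}
	return execute(key, args), true
}

func main() {
	// Constructed sample: one admin account, one regular user, one uninstall command.
	admin := func(id string) bool { return id == "sysadmin" }
	cmd := "/gitlab instance uninstall gitlab.example.com"
	handlers := []struct {
		name string
		fn   func(string, string, isSystemAdmin) (string, bool)
	}{{"vulnerable", handleCommandVulnerable}, {"fixed", handleCommandFixed}}
	for _, h := range handlers {
		resp, ran := h.fn(cmd, "regular-user", admin)
		fmt.Printf("%-10s ran=%-5v %s\n", h.name, ran, resp)
	}
}
```

The point of the fixed version is where the check lives: a single table of privileged keys consulted before dispatch, rather than a check each subcommand handler is expected to remember. When reviewing a plugin's command handling, look for exactly that central gate and confirm every state-changing subcommand is in the table.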

Impact

An authenticated user without administrative rights can uninstall GitLab plugin instances, disrupting the integration for the whole workspace, or set up webhook connections through the plugin's slash commands, actions that should be reserved for administrators.

Remediation

Update the Mattermost GitLab plugin to version 11.7 or later, which adds the missing permission checks on these commands.

Added: May 18, 2026, 9:26 AM
Updated: May 18, 2026, 9:26 AM

Vulnerability Rating

Custom Algorithm
  spread          0.8
  impact          2.5
  exploitability  5.2
  remediation     7.7
  relevance       8.7
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.