4.3
CVE-2026-2461
- EPSS 0.03%
- Veröffentlicht 16.03.2026 11:16:32
- Zuletzt bearbeitet 20.03.2026 18:30:35
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Server Version < 10.11.11
Mattermost ≫ Mattermost Server Version >= 11.0.0 <= 11.0.3
Mattermost ≫ Mattermost Server Version >= 11.1.0 < 11.2.3
Mattermost ≫ Mattermost Server Version >= 11.3.0 < 11.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.089 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.