CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

🗓️ 24 Dec 2025 08:01:27Reported by MattermostType

Authenticated attacker can read channel posts attached to Jira issues due to membership check failure.

Reporter	Title	Published	Views	Family All 111
Circl	CVE-2025-13767	24 Dec 202510:37	–	circl
CNNVD	Mattermost 安全漏洞	24 Dec 202500:00	–	cnnvd
CVE	CVE-2025-13767	24 Dec 202508:01	–	cve
EUVD	EUVD-2025-205063	24 Dec 202508:01	–	euvd
Github Security Blog	Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues	24 Dec 202509:30	–	github
NVD	CVE-2025-13767	24 Dec 202508:15	–	nvd
OSV	GHSA-FMQF-PMCM-8CX9 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues	24 Dec 202509:30	–	osv
OSV	GO-2025-4259 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues in github.com/mattermost/mattermost-server	26 Feb 202616:27	–	osv
OSV	SUSE-SU-2026:0757-1 Security update for govulncheck-vulndb	3 Mar 202611:34	–	osv
Positive Technologies	PT-2020-8419	19 Jun 202000:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.1.0",
        "status": "affected",
        "version": "11.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.0.5",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.12.3",
        "status": "affected",
        "version": "10.12.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.7",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "version": "11.2.0",
        "status": "unaffected"
      },
      {
        "version": "11.1.1",
        "status": "unaffected"
      },
      {
        "version": "11.0.6",
        "status": "unaffected"
      },
      {
        "version": "10.12.4",
        "status": "unaffected"
      },
      {
        "version": "10.11.8",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

24 Dec 2025 08:01Current

CVSS 3.14.3

EPSS0.00039

CWE-863