21 matches found
GO-2026-4782 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards
Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications in github.com/mattermost/mattermost-plugin-boards...
GHSA-HF8W-X9H5-5GF9 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications
Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...
CVE-2025-12756
Mattermost vulnerability CVE-2025-12756 affects Mattermost Server with Boards: versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, and 10.5.x
CVE-2025-12756 Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...
EUVD-2021-24345
Malware in sbrugna...
GO-2025-3978 Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards
Mattermost boards plugin fails to restrict download access to files in github.com/mattermost/mattermost-plugin-boards...
GHSA-F72G-52V7-MG3P Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the boards plugin download endpoint. An attacker can access and download files belonging to other users by enumerating UUIDs. Remediation Upgrade...
Authorization Bypass Through User-Controlled Key
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the boards plugin download endpoint. An attacker can access and download files belonging to...
CVE-2021-37867
Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure...
WordPress plugin Kanban Boards Cross-Site Scripting Vulnerability
WordPress and others are products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Boa and others are products of Boa open source. Boa is an open source code for embedded applications. A cross-site...
Mattermost Boards Plugin Trust Management Issue Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. The Mattermost Boards plugin in v0.10.0 and prior versions is vulnerable to a trust management issue that stems from the lack of an effective trust management mechanism in the network system or product. An attacker could...
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization...
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization...
Authorization
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization...
CVE-2021-37867
Mattermost Boards plugin v0.10.0 and earlier is affected by an information-disclosure vulnerability. The root cause is a failure to protect all users’ email addresses via one of the Boards APIs, allowing authenticated and unauthorized users to access sensitive personal data. Affected component: M...
CVE-2021-37866
Mattermost Boards plugin (v0.10.0 and earlier) does not invalidate server-side sessions on user logout, allowing reuse of the old session token for authorization. Documented as CVE-2021-37866 with multiple references (NVD, CVE lists, and country/NVD mirrors). Relevant impact details indicate netw...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. The Mattermost Boards plugin in v0.10.0 and earlier is vulnerable to an information disclosure vulnerability that stems from a failure to protect all users' email addresses via one of the Board APIs, which could be exploite...