2 matches found
CVE-2025-13352
Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
CVE-2025-13352
Mattermost vulnerability CVE-2025-13352 affects Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions = 2.5.0-rc1 or higher) or apply vendor-supplied security updates. Further advisories from Red Hat, CIRCL, OSV, GHSA, and others corroborate the identity validation bypas...