GHSA-VWW6-79RV-3J4X Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

CVE-2025-64641

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

EUVD-2025-205062

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affecte...

CVE-2025-64641

Mattermost contains a vulnerability where post actions invoking /share-issue-publicly are not verified to be created by the Jira plugin, enabling a malicious user to exfiltrate Jira tickets when victims interact with affected posts. Affected versions include Mattermost 11.1.x (<=11.1.0), 11.0....

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 11.1.0 and prior to 11.1.x, 11.0.5 and prior to 11.0.x, 10.12.3 and prior to 10.12.x, and 10.11.7 and prior to 10.11.x. The vulnerability stems fr...

PT-2025-52873

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 Description Mattermost fails to verify that post actions invoking...