Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing authorization check allows unauthorized modification of other users' comments on a board
Vulnerability Description
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Mattermost Plugins 安全漏洞
Vulnerability Description
Mattermost Plugins是美国Mattermost公司的一个插件,提供强大的功能延伸和与服务器和网络/桌面应用程序都紧密整合。 Mattermost Plugins 11.3版本、11.0.3版本、11.2.2版本和10.10.11.0版本存在安全漏洞,该漏洞源于未对评论块修改实施授权检查,可能导致具有编辑者权限的授权攻击者修改其他董事会成员创建的评论。
CVSS Information
N/A
Vulnerability Type
N/A