Mattermost: >> Mattermost Server >> 9.11.8 Security Vulnerabilities
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-03-21
Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-03-19
Page 6