Daynight

**Name of the Vulnerable Software and Affected Versions** Mattermost Plugins versions 10.10.11.0 through 11.3 **Description** The Mattermost Plugins do not properly enforce authorization checks when modifying comment blocks. This allows an authorized attacker with editor permissions to modify comments created by other members. The vulnerable component is related to comment block modifications within the Mattermost Boards Plugin. **Recommendations** Update to a version of Mattermost Plugins later than 11.3.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.0.0 through 11.0.2 Mattermost versions 10.5.0 through 10.5.12 Mattermost versions 10.11.0 through 10.11.4 Mattermost versions 10.12.0 through 10.12.1 **Description** The software does not properly check user permissions when deleting comments within the Boards feature. This allows a user with editor role privileges to delete comments created by other users. The affected functionality involves the deletion of comments in Boards. **Recommendations** Update Mattermost to a version later than 11.0.2. Update Mattermost to a version later than 10.12.1. Update Mattermost to a version later than 10.11.4. Update Mattermost to a version later than 10.5.12.