Eahmed

**Name of the Vulnerable Software and Affected Versions** Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 **Description** Improper validation of file ownership and access control in the Boards API allows an authenticated user to access and download files belonging to other users or teams. This is achieved by sending crafted requests to the Boards API using valid file IDs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 **Description** An issue exists where the software fails to validate the OAuth token scope during the callback process. This allows an authenticated user to gain unauthorized access to private repositories by modifying the `scope` parameter within the GitHub authorization URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost Plugins versions prior to 11.5 **Description** Insufficient API-level checks regarding group permissions allow a user who is a member of multiple groups to create issues or attach comments to a locked group through direct API requests. **Recommendations** Update to a version newer than 11.5.

**Name of the Vulnerable Software and Affected Versions** Mattermost Plugins versions prior to 11.5 **Description** An issue exists where the software fails to appropriately check for valid namespaces. This allows plugin users to create subscriptions to groups that were not whitelisted by creating groups that share the same prefix as a whitelisted group. **Recommendations** Update to a version newer than 11.5.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.12 Mattermost versions 10.5.x through 10.5.3 Mattermost versions 10.6.x through 10.6.2 Mattermost versions 10.7.x through 10.7.0 **Description** The issue arises when Mattermost fails to clear Google OAuth credentials during the conversion of user accounts to bot accounts. This failure allows attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow. **Recommendations** For versions 9.11.x through 9.11.12, update to a version that clears Google OAuth credentials when converting user accounts to bot accounts. For versions 10.5.x through 10.5.3, update to a version that clears Google OAuth credentials when converting user accounts to bot accounts. For versions 10.6.x through 10.6.2, update to a version that clears Google OAuth credentials when converting user accounts to bot accounts. For versions 10.7.x through 10.7.0, update to a version that clears Google OAuth credentials when converting user accounts to bot accounts.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.7.x through 10.7.0 Mattermost versions 10.6.x through 10.6.2 Mattermost versions 10.5.x through 10.5.3 Mattermost versions 9.11.x through 9.11.12 **Description** The issue is related to the failure of the system to properly invalidate personal access tokens when a user is deactivated. This allows deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens. **Recommendations** For versions 10.7.x through 10.7.0, update to a version that properly invalidates personal access tokens upon user deactivation. For versions 10.6.x through 10.6.2, update to a version that properly invalidates personal access tokens upon user deactivation. For versions 10.5.x through 10.5.3, update to a version that properly invalidates personal access tokens upon user deactivation. For versions 9.11.x through 9.11.12, update to a version that properly invalidates personal access tokens upon user deactivation.

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 10.5.x through 10.5.1 Description: The issue arises when a user account is converted to a bot, and the cache is not properly invalidated, allowing an attacker to log in to the bot exactly one time using normal credentials. Recommendations: For versions 9.11.x through 9.11.9, update to a version that includes the cache invalidation fix. For versions 10.4.x through 10.4.3, update to a version that includes the cache invalidation fix. For versions 10.5.x through 10.5.1, update to a version that includes the cache invalidation fix.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.6 Mattermost versions 10.4.x through 10.4.1 **Description** The issue arises when a user is converted to a bot, and the system fails to invalidate all active sessions. This allows the converted user to potentially escalate their privileges, depending on the permissions granted to the bot. **Recommendations** For Mattermost versions 9.11.x through 9.11.6, update to a version later than 9.11.6 to resolve the issue. For Mattermost versions 10.4.x through 10.4.1, update to a version later than 10.4.1 to resolve the issue. As a temporary workaround, consider restricting the conversion of users to bots and limiting the permissions granted to bots to minimize the risk of exploitation.