Eva Sarafianou

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.0 through 10.11.12 Mattermost version 11.5.0 Mattermost versions 11.4.0 through 11.4.2 Mattermost versions 11.3.0 through 11.3.2 **Description** An authentication endpoint fails to validate CSRF tokens. This allows an attacker to update a user authentication method by tricking a user into visiting a malicious page via a Cross-Site Request Forgery (CSRF) attack, which is a technique where an unauthorized command is transmitted to a web application from a user that the application trusts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.7 Mattermost versions 10.1.x through 10.1.3 Mattermost versions 10.2.x through 10.2.2 Mattermost versions 10.3.x through 10.3.2 Mattermost versions 10.4.x through 10.4.1 **Description** The issue allows a user to export channel contents when they shouldn't have access to it, due to a failure to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled. **Recommendations** For versions 9.11.x through 9.11.7, update to a version newer than 9.11.7 to resolve the issue. For versions 10.1.x through 10.1.3, update to a version newer than 10.1.3 to resolve the issue. For versions 10.2.x through 10.2.2, update to a version newer than 10.2.2 to resolve the issue. For versions 10.3.x through 10.3.2, update to a version newer than 10.3.2 to resolve the issue. For versions 10.4.x through 10.4.1, update to a version newer than 10.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions prior to v8.1.9 **Description** Mattermost fails to check the `invite guest` permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server. **Recommendations** For versions prior to v8.1.9, update to version v8.1.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `invite guest` permission to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to check if hardened mode is enabled when overriding the username and/or the icon when posting. If settings allow integrations to override the username and profile picture, a member can also override these elements when making a post, even with Hardened Mode enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue allows a guest user to perform various actions on public playbooks, including viewing, joining, editing, exporting, and archiving, due to a lack of proper user checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue allows a user with permissions to edit other users and to create personal access tokens to elevate their privileges to system admin. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.