Hassan Mohammed

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 **Description** Insufficient sanitization of the `FileInfo.Name` variable received from federated peers during shared channel file synchronization allows an attacker controlling a federated server to perform a path traversal attack. This enables the attacker to write files to arbitrary locations within the target server's filestore by using path traversal sequences in the filename field. **Recommendations** Update versions 11.6.0 through 11.6.1 to a newer version. Update versions 11.5.0 through 11.5.4 to a newer version. Update versions 10.11.0 through 10.11.16 to a newer version.

**Name of the Vulnerable Software and Affected Versions** Mattermost Plugins versions prior to 1.1.6 **Description** Insufficient sanitization of filenames received from federated peers when constructing export destination paths allows a remote administrator of a federated server to perform a path traversal attack. By delivering a malicious filename through the shared-channel attachment sync protocol, an attacker can write files to arbitrary locations within the target server's filestore. **Recommendations** Update to a version later than 1.1.5.

Name of the Vulnerable Software and Affected Versions Mattermost Plugin Legal Hold versions 1.1.4 and earlier Description The Mattermost Plugin Legal Hold software, versions 1.1.4 and earlier, does not properly halt request processing after an authorization failure within the `ServeHTTP` function. This allows an authenticated attacker to access, create, download, and delete legal hold data by sending crafted API requests to the plugin's endpoints. The vulnerability stems from a failure to stop processing after an authorization check fails. Recommendations Update Mattermost Plugin Legal Hold to a version later than 1.1.4.