Lorenzo Gallegos

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 **Description** An authenticated attacker can cause resource exhaustion or denial of service by sending a crafted oversized HTTP POST request to the ' /api/v1/meetings' endpoint. This occurs because the application fails to limit the size of the request body. **Recommendations** Update Mattermost versions 11.5.0 through 11.5.1 to a version newer than 11.5.1. Update Mattermost versions 10.11.0 through 10.11.13 to a version newer than 10.11.13. Update Mattermost versions 11.4.0 through 11.4.3 to a version newer than 11.4.3. As a temporary workaround, restrict access to the ' /api/v1/meetings' endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions less than or equal to 2.3.1 Description Mattermost Plugins versions less than or equal to 2.3.1 do not limit the request body size on the `/lifecycle` webhook endpoint, potentially allowing an authenticated attacker to cause memory exhaustion and denial of service by sending an oversized JSON payload. Recommendations Update Mattermost Plugins to a version greater than 2.3.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost Plugins versions less than or equal to 2.1.3.0 **Description** Mattermost Plugins versions less than or equal to 2.1.3.0 do not limit the request body size on the `/changes` webhook endpoint. This allows an authenticated attacker to cause memory exhaustion and denial of service by sending an oversized JSON payload. **Recommendations** Update Mattermost Plugins to a version greater than 2.1.3.0.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not enforce authentication for users accessing the Mattermost instance. This allows unauthenticated attackers to access subscription details via an API call to the GET subscription endpoint `/subscription`. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to channels, potentially allowing unauthorized access to channel subscription details. This occurs through an API call to the `GET /autocomplete/GetChannelSubscriptions` endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid requests to the server webhook endpoint. Recommendations: Update the Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to Confluence spaces. This allows attackers to create subscriptions for Confluence spaces that a user does not have permission to access via the `create subscription` API endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. Attackers can exploit this to crash the plugin by repeatedly sending invalid request bodies to the server webhook endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not enforce authentication for users accessing the Mattermost instance. This allows unauthenticated attackers to modify channel subscriptions by making API calls to the `edit channel subscription` endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not properly handle unexpected request bodies. This allows attackers to crash the plugin by repeatedly sending requests with invalid bodies to the channel subscription creation endpoint. Recommendations: Update the Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, allowing attackers to create channel subscriptions without proper authorization via an API call to the create channel subscription endpoint. The vulnerable API endpoint is `/api/v1/channel/subscriptions`. The vulnerable parameter is `channel id`. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the edit channel subscription endpoint `/api/v1/channels/{channel id}/subscriptions/{user id}`. The vulnerable parameter is `user id`. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to channels, potentially allowing unauthorized access to channel subscription details. This occurs through an API call to the `Get Channel Subscriptions details` endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user authorization to the Mattermost instance, enabling attackers to create channel subscriptions without proper authorization. This is achieved through an API call to the `create channel subscription` endpoint. Recommendations: Update Mattermost Confluence Plugin to version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to Confluence spaces. This allows attackers to modify subscriptions for Confluence spaces that a user does not have permission to access via the `edit subscription` endpoint. Recommendations: Update to Mattermost Confluence Plugin version 1.5.0 or later.

Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin is susceptible to a denial-of-service issue. Attackers can crash the plugin by repeatedly sending invalid request bodies to the update channel subscription endpoint. Recommendations: Update the Mattermost Confluence Plugin to version 1.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.5.x through 9.5.8 Mattermost versions 9.9.x through 9.9.2 Mattermost versions 9.10.x through 9.10.1 **Description** The issue allows an attacker to view unlinked channel files in channels they are a member of, due to a failure to limit access to these files. This is possible because the affected versions of Mattermost do not restrict access to channels files that have not been linked to a post. **Recommendations** For versions 9.5.x through 9.5.8, update to a version later than 9.5.8 to resolve the issue. For versions 9.9.x through 9.9.2, update to a version later than 9.9.2 to resolve the issue. For versions 9.10.x through 9.10.1, update to a version later than 9.10.1 to resolve the issue.