Visat

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.7 Mattermost versions 10.2.x through 10.2.2 Mattermost versions 10.3.x through 10.3.2 Mattermost versions 10.4.x through 10.4.1 **Description** The issue is related to the failure of Mattermost to properly validate input when patching and duplicating a board. This allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards. It is estimated that over 95,100 services are potentially affected. **Recommendations** For versions 9.11.x through 9.11.7, update to version 9.11.8. For versions 10.2.x through 10.2.2, update to version 10.2.3. For versions 10.3.x through 10.3.2, update to version 10.3.3. For versions 10.4.x through 10.4.1, update to version 10.4.2 or 10.5.0.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.7 Mattermost versions 10.2.x through 10.2.2 Mattermost versions 10.3.x through 10.3.2 Mattermost versions 10.4.x through 10.4.1 **Description** The issue allows an attacker to retrieve data from the database via a SQL injection when reordering specially crafted boards categories, due to the failure to use prepared statements in the SQL query of boards reordering. **Recommendations** For versions 9.11.x through 9.11.7, update to a version that includes the fix for this issue. For versions 10.2.x through 10.2.2, update to a version that includes the fix for this issue. For versions 10.3.x through 10.3.2, update to a version that includes the fix for this issue. For versions 10.4.x through 10.4.1, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.7 Mattermost versions 10.2.x through 10.2.2 Mattermost versions 10.3.x through 10.3.2 Mattermost versions 10.4.x through 10.4.1 **Description** The issue arises from the improper validation of board blocks when importing boards, allowing an attacker to read any arbitrary file on the system. This can be achieved by importing and exporting a specially crafted import archive in Boards. **Recommendations** For versions 9.11.x through 9.11.7, update to a version later than 9.11.7 to resolve the issue. For versions 10.2.x through 10.2.2, update to a version later than 10.2.2 to resolve the issue. For versions 10.3.x through 10.3.2, update to a version later than 10.3.2 to resolve the issue. For versions 10.4.x through 10.4.1, update to a version later than 10.4.1 to resolve the issue.