PT-2026-25680 · Mattermost · Teams Plugin+1
Yash-Chakerverti
·
Published
2026-03-16
·
Updated
2026-03-27
·
CVE-2026-2476
CVSS v3.1
7.6
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost Plugins versions through 2.0.3.0
Description
The Mattermost plugins do not properly mask sensitive configuration values. This allows an attacker with access to support packets to obtain original plugin settings through exported configuration data. The Mattermost Microsoft Teams Plugin is also affected.
Recommendations
Update to a version of Mattermost Plugins greater than 2.0.3.0.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Plugins
Teams Plugin