PT-2026-28422 · Mattermost · Mattermost
Winfunc
·
Published
2026-03-26
·
Updated
2026-03-26
·
CVE-2026-3113
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.x through 10.11.11
Mattermost versions 11.2.x through 11.2.3
Mattermost versions 11.3.x through 11.3.1
Mattermost versions 11.4.x through 11.4.0
Description
The software fails to properly set permissions on downloaded bulk exports. This allows other local users on the server to read the contents of the exported data.
Recommendations
Update Mattermost versions prior to 10.11.12.
Update Mattermost versions prior to 11.2.4.
Update Mattermost versions prior to 11.3.2.
Update Mattermost versions prior to 11.4.1.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost