Go modules package
github.com/mattermost/mattermost-plugin-boards
pkg:golang/github.com/mattermost/mattermost-plugin-boards
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2461 | — | < 0.0.0-20260108044135-57c5be5b6ef5 | 0.0.0-20260108044135-57c5be5b6ef5 | Mar 16, 2026 | Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-0055 | ||
| CVE-2025-9081 | — | < 0.0.0-20250716054606-3f3e3becfe1d | 0.0.0-20250716054606-3f3e3becfe1d | Sep 19, 2025 | Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration |
- CVE-2026-2461Mar 16, 2026affected < 0.0.0-20260108044135-57c5be5b6ef5fixed 0.0.0-20260108044135-57c5be5b6ef5
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-0055
- CVE-2025-9081Sep 19, 2025affected < 0.0.0-20250716054606-3f3e3becfe1dfixed 0.0.0-20250716054606-3f3e3becfe1d
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration