VYPR

Go modules package

github.com/mattermost/mattermost-plugin-boards

pkg:golang/github.com/mattermost/mattermost-plugin-boards

Vulnerabilities (2)

  • CVE-2026-2461Mar 16, 2026
    affected < 0.0.0-20260108044135-57c5be5b6ef5fixed 0.0.0-20260108044135-57c5be5b6ef5

    Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-0055

  • CVE-2025-9081Sep 19, 2025
    affected < 0.0.0-20250716054606-3f3e3becfe1dfixed 0.0.0-20250716054606-3f3e3becfe1d

    Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration