Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.11 or higher. Alternatively, update the Mattermost Playbooks plugin to version 2.1.1 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Mon, 29 Sep 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost mattermost Server
|
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:* |
|
Vendors & Products |
Mattermost mattermost Server
|
Thu, 24 Apr 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 24 Apr 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions. | |
Title | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-04-24T13:06:53.385Z
Reserved: 2025-04-22T11:38:20.780Z
Link: CVE-2025-41423

Updated: 2025-04-24T13:04:00.926Z

Status : Analyzed
Published: 2025-04-24T07:15:31.740
Modified: 2025-09-29T21:06:37.463
Link: CVE-2025-41423

No data.

Updated: 2025-06-23T19:31:59Z