Impact
Mattermost server versions up to 11.4.0, 11.3.1, 11.2.3, and 10.11.11 allow a crafted AdvancedLoggingJSON configuration to specify an arbitrary file target path that is then used during support packet generation. The application does not validate these paths, so an attacker who controls the configuration can read arbitrary files on the host. The resulting confidentiality breach can expose system credentials, configuration files, or other sensitive information, and may lead to compromise of the entire host if the attacker can follow up with additional actions.
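As an added illustration of the missing check (example code written for this page, not Mattermost's own fix, and using an assumed simplified target layout rather than the real schema), a Go validator that anchors every file target under a fixed log directory and rejects any target whose path escapes it before a support-packet collector would open it:

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)
// Assumed, simplified target layout (not Mattermost's own schema).
type logTarget struct {
	Type    string `json:"Type"`
	Options struct {
		Filename string `json:"filename"`
	} `json:"Options"`
}

var errOutsideLogDir = errors.New("file target path escapes the allowed log directory")

// allowedFileTargets parses an advanced-logging JSON map and returns, sorted, the
// cleaned paths of file targets that resolve inside allowedDir (an absolute
// directory). Any file target whose path leaves allowedDir is rejected outright.
func allowedFileTargets(cfgJSON []byte, allowedDir string) ([]string, error) {
	var targets map[string]logTarget
	if err := json.Unmarshal(cfgJSON, &targets); err != nil {
		return nil, fmt.Errorf("parse logging config: %w", err)
	}
	root := filepath.Clean(allowedDir)
	var files []string
	for name, t := range targets {
		if t.Type != "file" {
			continue
		}
		// Relative names are anchored at the log directory, never the CWD.
		p := t.Options.Filename
		if !filepath.IsAbs(p) {
			p = filepath.Join(root, p)
		}
		p = filepath.Clean(p)
		// filepath.Rel, not a string prefix test: "<root>2/x.log" is not a child of root.
		rel, err := filepath.Rel(root, p)
		if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			return nil, fmt.Errorf("target %q (%q): %w", name, t.Options.Filename, errOutsideLogDir)
		}
		files = append(files, p)
	}
	sort.Strings(files)
	return files, nil
}
```

Targets whose paths already exist on disk should additionally be resolved with filepath.EvalSymlinks before the comparison, since a symlink inside the log directory can point anywhere on the host.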
Affected Systems
Vulnerable Mattermost installations include server releases in the 11.4.x, 11.3.x, 11.2.x, and 10.11.x series with build numbers up to 11.4.0, 11.3.1, 11.2.3, and 10.11.11 respectively. Administrators running these series should compare their deployed build number against the affected versions and plan an update accordingly.
Risk and Exploitability
The CVSS base score of 6.8 reflects medium severity with a moderate impact on confidentiality. An EPSS score below 1% indicates a low probability of widespread exploitation at present, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires control over the Advanced Logging configuration, which is typically limited to administrators or other privileged users. Without such access an external attacker is unlikely to reach the flaw, but malicious insiders or a compromised administrator account remain a significant risk.