Impact
Mattermost fails to enforce administrator authorization when users invoke the /gitlab connect command, allowing any authenticated user to overwrite the global default GitLab instance configuration. The resulting misconfiguration could redirect the integration to malicious or unintended GitLab instances, potentially exposing organizational data or compromising the integration flow.
Affected Systems
The vulnerability is present in Mattermost versions 11.7.x up to 11.7.0, 11.6.x up to 11.6.2, 11.5.x up to 11.5.5, 10.11.x up to 10.11.17 and all earlier releases in those series. These versions allow the abuse of the setDefaultInstance call within the /gitlab connect command handler.
Risk and Exploitability
The CVSS score of 5.4 puts the issue in the medium severity range. EPSS information is not available and the vulnerability is not listed in CISA's KEV catalog, indicating no confirmed exploitation yet. The likely attack path requires an authenticated user to send a slash command, which is readily available to any Mattermost member, making the vulnerability easy to exploit under normal user conditions.
OpenCVE Enrichment