CVE-2025-13767: Incorrect Authorization in Mattermost Mattermost-server

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.0% (top 88.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24; Latest update Feb 26

Description

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to.
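The flaw described above is a missing object-level authorization check: having access to the integration is not the same as being allowed to read a given post. The following added example (not Mattermost or Jira plugin code; the store, user and channel names are constructed) contrasts a lookup that trusts plugin access alone with one that checks the requester's membership in the post's channel before releasing content or attachments.

```go
package main

import "errors"

// Constructed in-memory model (illustrative; not Mattermost or Jira plugin code).
type Post struct {
	ID, ChannelID, Message string
	Attachments            []string
}

type Store struct {
	posts   map[string]Post
	members map[string]map[string]bool // channelID -> set of member userIDs
}

var ErrForbidden = errors.New("forbidden: not a member of the post's channel")

// IsChannelMember reports whether userID belongs to channelID.
func (s *Store) IsChannelMember(userID, channelID string) bool {
	return s.members[channelID][userID]
}

// PostForJiraCommentUnchecked mirrors the flawed pattern: the requester is
// already known to have plugin access, so the post is fetched by ID alone.
func (s *Store) PostForJiraCommentUnchecked(requester, postID string) (Post, error) {
	p, ok := s.posts[postID]
	if !ok {
		return Post{}, errors.New("post not found")
	}
	return p, nil // requester's channel membership is never consulted
}

// PostForJiraComment is the hardened form: authorization is checked against
// the channel the post lives in, not merely against access to the integration.
func (s *Store) PostForJiraComment(requester, postID string) (Post, error) {
	p, ok := s.posts[postID]
	if !ok || !s.IsChannelMember(requester, p.ChannelID) {
		// One error for "missing" and "forbidden" avoids confirming a post exists.
		return Post{}, ErrForbidden
	}
	return p, nil
}

// NewDemoStore builds constructed sample data: alice is a member of the
// private channel "eng-private", bob is not, and post "p1" lives there.
func NewDemoStore() *Store {
	return &Store{
		posts: map[string]Post{"p1": {ID: "p1", ChannelID: "eng-private",
			Message: "deploy key rotated", Attachments: []string{"rotation.log"}}},
		members: map[string]map[string]bool{"eng-private": {"alice": true}},
	}
}
```

In a real server the membership check belongs in the same code path that resolves the post, so every integration that fetches posts on a user's behalf inherits it.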

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

Source | Package | From | To | Other ranges
NVD | mattermost/mattermost_server | 10.11.0 | 10.11.8 | +3
Go | github.com/mattermost_mattermost-server | 10.11.0+incompatible | 10.11.8+incompatible | +7
Go | github.com/mattermost_mattermost_server_v8 | < 8.0.0-20251121122154-b57c297c6d7 | | 
CVEListV5 | mattermost/mattermost | 11.1.0 | 11.1.0 | +3

Vulnerability Details (4)

OSV: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues in github.com/mattermost/mattermost-server (2026-02-26)
CVEList: Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin (2025-12-24)
OSV: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues (2025-12-24)
GHSA: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues (2025-12-24)

Threat Intelligence (1)

Wiz: CVE-2025-13767 Impact, Exploitability, and Mitigation Steps | Wiz