github.com/mattermost/mattermost-plugin-boards vulnerabilities
2 known vulnerabilities affecting github.com/mattermost/mattermost-plugin-boards.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2026-2461 | MEDIUM | affected: ≥ 0, < 0.0.0-20260108044135-57c5be5b6ef5 | 2026-03-16
CVE-2026-2461 [MEDIUM] CWE-639 Mattermost Boards Plugin fails to implement authorisation checks on comment block modifications
Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-0
Sources: ghsa, osv
CVE-2025-9081 | LOW | affected: ≥ 0, < 0.0.0-20250716054606-3f3e3becfe1d | 2025-09-19
CVE-2025-9081 [LOW] CWE-639 Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls, which allows any authenticated user to download sensitive files via the board file download endpoint using UUID enumeration.
Sources: ghsa, osv