Github.Com Mattermost Mattermost-Plugin-Zoom vulnerabilities

CVE-2026-0998 [MEDIUM] CWE-862 Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint which allows unauthorized users to start Zoom m

CVE-2026-0997 [MEDIUM] CWE-863 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user