GO-2025-3642 Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks

April 24, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title GO-2025-3642 Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks
Type osv
Published 2025-04-24T18:14:57
Last Seen 2025-04-24T19:36:12
CVSS Score 6.5 (MEDIUM)

CVSS v3 Details

Attack Vector NETWORK
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH

CVE Information

CVE IDs CVE-2025-41395
CWE
Bulletin Family software

Description

Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: .

Impact Assessment

Base Score 6.5
Severity MEDIUM

View full CVE details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.