Headline
GHSA-689c-xq7x-xjwf: Mattermost Playbooks fails to validate the uniqueness and quantity of task actions
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-35965
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions
Moderate severity GitHub Reviewed Published Apr 24, 2025 to the GitHub Advisory Database • Updated Apr 24, 2025
Package
gomod github.com/mattermost/mattermost-plugin-playbooks (Go)
Affected versions
>= 2.0.0, < 2.1.1
< 1.41.0
gomod github.com/mattermost/mattermost/server/v8 (Go)
< 8.0.0-20250218121836-2b5275d87136
>= 10.4.0, < 10.4.3
>= 10.5.0, < 10.5.1
>= 9.11.0, < 9.11.11
8.0.0-20250218121836-2b5275d87136
Published to the GitHub Advisory Database
Apr 24, 2025
Last updated
Apr 24, 2025