CVE-2026-3117
Mattermost GitLab Plugin Command Execution Flaw
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: Mattermost, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | gitlab_plugin | up to 11.5 (inclusive) |
| mattermost | gitlab_plugin | up to 11.1.5 (inclusive) |
| mattermost | gitlab_plugin | up to 10.13.11 (inclusive) |
| mattermost | gitlab_plugin | up to 11.3.4.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper permission checks in the Mattermost Gitlab plugin's slash commands, specifically the `gitlab instance {option}` and `/gitlab webhook {option}` commands. Detection would involve monitoring or testing these commands to see whether normal (non-administrator) users can execute them to uninstall instances or set up webhook connections without proper authorization.
Since the provided resources do not include specific detection commands or network signatures, a practical approach would be to attempt executing these commands as a normal user in a controlled environment to verify if permission checks are enforced.
No explicit command-line detection commands or network detection signatures are provided in the available information.
Can you explain this vulnerability to me?
This vulnerability exists in Mattermost Plugins versions up to 11.5, specifically in the Gitlab plugin versions 11.1.5, 10.13.11, and 11.3.4.0. The issue is that the plugin fails to properly check user permissions when processing certain commands.
Because of this improper permission check, normal users (who should not have administrative privileges) can run commands that uninstall Gitlab instances or set up webhook connections, using the commands `gitlab instance {option}` or `/gitlab webhook {option}`.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized actions by normal users, such as uninstalling Gitlab instances or configuring webhook connections without proper permissions.
This can disrupt service availability (denial of service) or allow attackers to manipulate integrations, potentially leading to further security issues.
The CVSS score of 6.5 indicates a medium severity impact, with the main impact being on availability (A:H), meaning the availability of the service can be severely affected.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Mattermost Gitlab plugin to a release newer than the affected versions (that is, later than 11.5, 11.1.5, 10.13.11, and 11.3.4.0), in which the permission checks are properly implemented.
Additionally, monitor the official Mattermost Security Updates page for any patches or further guidance related to this issue.
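The flaw described above is a CWE-862 missing authorization check on state-changing slash subcommands, and the fix is to gate those subcommands on an administrator check before dispatching them. The following Go program is an added illustration, not code from the Mattermost GitLab plugin: it shows an unchecked dispatcher next to a hardened one. The `PermissionChecker` interface, the `StaticPermissions` map and the command strings are constructed for this example; a real Mattermost plugin would back the check with the plugin API's permission lookup (assumed here to be `HasPermissionTo` with the manage-system permission) rather than a static map.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PermissionChecker abstracts the host's authorization API. Hypothetical
// interface so the example runs stand-alone; a real plugin would ask the
// server whether the user holds the system-management permission.
type PermissionChecker interface {
	IsSystemAdmin(userID string) bool
}

// StaticPermissions is a constructed in-memory checker: user ID -> is admin.
type StaticPermissions map[string]bool

func (s StaticPermissions) IsSystemAdmin(userID string) bool { return s[userID] }

// privilegedSubcommands are the /gitlab subcommands that change plugin-wide
// state (instance install/uninstall, webhook setup) and so must be limited
// to administrators. Per-user subcommands such as "connect" are not listed.
var privilegedSubcommands = map[string]bool{
	"instance": true,
	"webhook":  true,
}

var ErrUnauthorized = errors.New("this command is restricted to system administrators")
var ErrUsage = errors.New("usage: /gitlab <subcommand> [options]")

// parse splits a raw slash command into its subcommand and remaining arguments.
func parse(cmd string) (sub string, args []string, err error) {
	fields := strings.Fields(cmd)
	if len(fields) < 2 || fields[0] != "/gitlab" {
		return "", nil, ErrUsage
	}
	return fields[1], fields[2:], nil
}

// execute performs the subcommand. It is deliberately dumb: the point of the
// example is what happens before it is reached.
func execute(userID, sub string, args []string) (string, error) {
	switch sub {
	case "instance", "webhook", "connect":
		return fmt.Sprintf("%s %s executed for user %s", sub, strings.Join(args, " "), userID), nil
	default:
		return "", ErrUsage
	}
}

// handleUnchecked models the vulnerable shape: every authenticated user can
// reach execute() for every subcommand, including the privileged ones.
func handleUnchecked(userID, cmd string) (string, error) {
	sub, args, err := parse(cmd)
	if err != nil {
		return "", err
	}
	return execute(userID, sub, args)
}

// HandleCommand models the hardened shape: privileged subcommands are refused
// before execution unless the caller is a system administrator. The denial is
// returned as a distinct error so callers can log it as an audit event.
func HandleCommand(pc PermissionChecker, userID, cmd string) (string, error) {
	sub, args, err := parse(cmd)
	if err != nil {
		return "", err
	}
	if privilegedSubcommands[sub] && !pc.IsSystemAdmin(userID) {
		return "", ErrUnauthorized
	}
	return execute(userID, sub, args)
}

func main() {
	perms := StaticPermissions{"admin-1": true}
	for _, c := range []string{
		"/gitlab instance uninstall https://gitlab.example.invalid", // constructed
		"/gitlab webhook add group/project",                         // constructed
		"/gitlab connect",
	} {
		_, err := HandleCommand(perms, "user-7", c)
		fmt.Printf("%-55s -> %v\n", c, err)
	}
}
```

The denied path returning `ErrUnauthorized` is also the detection hook: logging that error together with the user ID and the attempted subcommand gives defenders a record of non-administrators probing the privileged commands.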