Mattermost Microsoft Teams Plugin fails to properly mask sensitive configuration values

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

References

Published by the National Vulnerability Database Mar 16, 2026

Published to the GitHub Advisory Database Mar 16, 2026

Reviewed Mar 19, 2026

Last updated Mar 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Exposure of Sensitive Information to an Unauthorized Actor

CVE ID

GHSA ID

Source code

Uh oh!