We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
Reserved 2025-04-08 | Published 2025-04-16 | Updated 2025-04-16 | Assigner MattermostCWE-208: Observable Timing Discrepancy
Juho Forsén
mattermost.com/security-updates
Support options