CVE-2026-3524
Mattermost · Plugin Legal Hold
A vulnerability in the Mattermost Legal Hold plugin, present in version 1 and earlier, allows the plugin's intended security controls to be bypassed.
Executive summary
The Mattermost Legal Hold plugin is affected by a high-severity vulnerability that could give an attacker unauthorized access to the data the plugin holds.
Vulnerability
This vulnerability affects the Legal Hold plugin for Mattermost and potentially allows an attacker to bypass the plugin's intended security controls. Depending on the attacker's authentication context, the flaw may allow unauthorized access to sensitive legal hold data.
Business impact
Exploitation of this vulnerability could lead to the unauthorized disclosure or manipulation of sensitive legal hold data stored within the Mattermost environment. With a CVSS score of 8.8, it poses a substantial risk to legal compliance and organizational confidentiality.
Remediation
Immediate Action: Update the Legal Hold plugin to the latest available version provided by Mattermost.
Proactive Monitoring: Review audit logs for unauthorized access to the Legal Hold plugin or to its export functions.
Compensating Controls: Limit access to the Legal Hold plugin functionality to a restricted set of authorized users using role-based access controls.
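The first step in the remediation above is knowing which version of the plugin each server is running. The script below is an added example, not part of this advisory and not Mattermost's own tooling: it reads the server's plugin inventory from the Mattermost Plugins API (GET /api/v4/plugins, which requires a system admin token) and classifies the Legal Hold installation as not installed, vulnerable or patched. Two things are assumptions rather than facts from the advisory: the plugin id "com.mattermost.plugin-legal-hold" (confirm it against the "id" field in your own plugin list), and the MIN_SAFE_VERSION placeholder, which the advisory does not state and which must be replaced with the fixed version from Mattermost's release notes. The embedded API response is constructed for offline use, not captured from a real server.

```python
"""Inventory the installed Mattermost Legal Hold plugin version via the
Plugins API and compare it to a minimum acceptable version.

Added example; not part of the advisory or of Mattermost's own tooling.
Assumptions not stated by the advisory: the plugin id below, and the
fixed version, which must be taken from Mattermost's release notes.
"""
import json
import re
import urllib.request

# Assumed plugin id; verify against the "id" field in your own
# GET /api/v4/plugins output before relying on the result.
LEGAL_HOLD_PLUGIN_ID = "com.mattermost.plugin-legal-hold"

# Placeholder: the advisory does not name the fixed version. Replace with
# the version from Mattermost's release notes.
MIN_SAFE_VERSION = "9.9.9"

# Constructed sample of the GET /api/v4/plugins response shape (an object
# with "active" and "inactive" manifest lists). Not captured from a server.
SAMPLE_PLUGINS_RESPONSE = json.dumps({
    "active": [
        {"id": "com.mattermost.plugin-legal-hold", "name": "Legal Hold", "version": "1.0.0"},
        {"id": "com.mattermost.calls", "name": "Calls", "version": "0.20.0"},
    ],
    "inactive": [
        {"id": "com.github.matterpoll.matterpoll", "name": "Matterpoll", "version": "1.7.0"},
    ],
})


def parse_version(v):
    """Turn '1.2.3' (optionally with a 'v' prefix or a pre-release/build
    suffix) into a comparable tuple of ints; the suffix is dropped."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(p) for p in re.findall(r"\d+", core))


def find_plugin(plugins_json, plugin_id=LEGAL_HOLD_PLUGIN_ID):
    """Return (manifest, state) for plugin_id from a /api/v4/plugins body,
    or (None, None) if it is not installed. state is 'active' or 'inactive'."""
    data = json.loads(plugins_json)
    for state in ("active", "inactive"):
        for manifest in data.get(state, []):
            if manifest.get("id") == plugin_id:
                return manifest, state
    return None, None


def assess(plugins_json, min_safe=MIN_SAFE_VERSION, plugin_id=LEGAL_HOLD_PLUGIN_ID):
    """Classify the installation as 'not-installed', 'vulnerable' (version
    below min_safe) or 'patched'. An inactive copy is still reported, since
    it can be re-enabled from the System Console with one click."""
    manifest, state = find_plugin(plugins_json, plugin_id)
    if manifest is None:
        return {"status": "not-installed"}
    installed = manifest.get("version", "0")
    vulnerable = parse_version(installed) < parse_version(min_safe)
    return {"status": "vulnerable" if vulnerable else "patched",
            "version": installed, "state": state}


def fetch_plugins(base_url, token):
    """Live lookup against a server. GET /api/v4/plugins is admin-only, so
    token must be a system admin personal access token or session token."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/plugins",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in
    # fetch_plugins("https://mattermost.example", token) for a real server.
    print(assess(SAMPLE_PLUGINS_RESPONSE))
```

Run it per server (or loop over a fleet) and treat both "vulnerable" results and inactive-but-installed copies as work items; an inactive plugin is not a mitigation, since an administrator can re-enable it without reinstalling.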
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations running the Mattermost Legal Hold plugin should update to the latest version immediately to mitigate this high-risk vulnerability. Applying security patches promptly is critical to preserving the confidentiality and integrity of legal hold data.