CVE-2016-11068: Mattermost Server is vulnerable to Code Injection through its LDAP fields

May 24, 2022 (updated October 22, 2025)

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

References

github.com/advisories/GHSA-7vmw-6c7h-rrrv
github.com/mattermost/mattermost
github.com/mattermost/mattermost/commit/6c5a8be6bfe1d6b9d8f71a6b0dc4d8cf93a03aab
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2016-11068

Code Behaviors & Features

Detect and mitigate CVE-2016-11068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →