CVE-2022-1384

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt