Mattermost version 2.10.0 and previous versions fails to sanitize deeplink paths, which allows an malicious user to perform CSRF attacks against the server.
mattermost mattermost