The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-07-14T17:25:20
Updated: 2024-08-03T00:39:07.253Z
Reserved: 2022-07-14T00:00:00
Link: CVE-2022-2408
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-14T18:15:08.420
Modified: 2023-06-30T18:50:06.533
Link: CVE-2022-2408
Redhat
No data.