Описание
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
EPSS
Процентиль: 41%
0.0019
Низкий
Связанные уязвимости
CVSS3: 4.3
nvd
около 2 лет назад
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
CVSS3: 4.3
github
около 2 лет назад
Mattermost viewing archived public channels permissions vulnerability
EPSS
Процентиль: 41%
0.0019
Низкий