Описание
Mattermost fails to use consistent error responses when handling the /mute command
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588
Пакеты
github.com/mattermost/mattermost/server/v8
< 8.0.0-20260130144323-5bb5261c72fa
8.0.0-20260130144323-5bb5261c72fa
github.com/mattermost/mattermost-server
< 5.3.2-0.20260130144323-5bb5261c72fa
5.3.2-0.20260130144323-5bb5261c72fa
github.com/mattermost/mattermost-server
>= 10.11.0-rc1, < 10.11.11
10.11.11
github.com/mattermost/mattermost-server
>= 11.2.0-rc1, < 11.2.3
11.2.3
github.com/mattermost/mattermost-server
>= 11.3.0-rc1, < 11.3.1
11.3.1
Связанные уязвимости
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...