Описание
Mattermost fails to properly restrict access to archived channel search API
Mattermost versions < 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/{team_id}/channels/search_archived endpoint
Пакеты
github.com/mattermost/mattermost/server/v8
< 8.0.0-20250815165020-c8d66301415d
8.0.0-20250815165020-c8d66301415d
github.com/mattermost/mattermost
< 5.3.2-0.20250815165020-c8d66301415d
5.3.2-0.20250815165020-c8d66301415d
github.com/mattermost/mattermost-server
< 5.3.2-0.20250815165020-c8d66301415d
5.3.2-0.20250815165020-c8d66301415d
github.com/mattermost/mattermost-server/v5
< 5.3.2-0.20250815165020-c8d66301415d
5.3.2-0.20250815165020-c8d66301415d
github.com/mattermost/mattermost-server/v6
< 5.3.2-0.20250815165020-c8d66301415d
5.3.2-0.20250815165020-c8d66301415d
Связанные уязвимости
Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint
Mattermost versions <11 fail to properly restrict access to archived c ...
Уязвимость компонента API приложения для обмена мгновенными сообщениями Mattermost, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации