Описание
Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.
Пакеты
github.com/mattermost/mattermost-server
< 0.0.0-20250513065225-4ae5d647fb88
0.0.0-20250513065225-4ae5d647fb88
github.com/mattermost/mattermost/server/v8
< 8.0.0-20250513065225-4ae5d647fb88
8.0.0-20250513065225-4ae5d647fb88
github.com/mattermost/mattermost/server/v8
>= 9.11.0, < 9.11.16
9.11.16
github.com/mattermost/mattermost/server/v8
>= 10.5.0, < 10.5.6
10.5.6
github.com/mattermost/mattermost/server/v8
>= 10.6.0, < 10.6.6
10.6.6
github.com/mattermost/mattermost/server/v8
>= 10.7.0, < 10.7.3
10.7.3
github.com/mattermost/mattermost/server/v8
>= 10.8.0, < 10.8.1
10.8.1
Связанные уязвимости
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10. ...
Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации