Описание
Mattermost allows regular users to access archived channel content and files
Mattermost versions < 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads
Пакеты
github.com/mattermost/mattermost-server
< 11.0.0-alpha.1
11.0.0-alpha.1
github.com/mattermost/mattermost/server/v8
< 8.0.0-20250815165020-c8d66301415d
8.0.0-20250815165020-c8d66301415d
Связанные уязвимости
Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads
Mattermost versions <11.0 fail to properly enforce the "Allow users to ...
Уязвимость функции Open in Channel приложения для обмена мгновенными сообщениями Mattermost, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации