Mattermost: >> Mattermost Server >> 9.2.4 Security Vulnerabilities
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.
CVSS Score
3.1
EPSS Score
0.002
Published
2024-02-29
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-02-29
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-29
Page 2