Security Advisory

CVE-2022-2408

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-14 17:25:20

Last updated 2024-12-06 23:08:12

Assigner Mattermost

State PUBLISHED

Description

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.

← Browse all CVEs View on cve.org ↗