Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
CPE name | Operator | Version |
---|---|---|
mattermost | le | 7.8.12 |
mattermost | ge | 8.0.0 |
mattermost | le | 8.1.3 |