5 matches found
CVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-27266
creationtimestamp| type| source ---|---|--- 2023-02-27 18:28:14+00:00| seen| https://t.me/cibsecurity/58966...
CVE-2023-27266 Disclosure of team owner email address when when accessing the teams API
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-27266 Disclosure of team owner email address when when accessing the teams API
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-27266
Mattermost vulnerability CVE-2023-27266 arises from the API response construction for /api/v4/users/me/teams not honoring ShowEmailAddress. This allows a user with team admin privileges to learn the team owner's email address from the response. Affected software: Mattermost (web/API level). Root ...