2 matches found
GHSA-7CR3-38JM-6P45 Mattermost has a Missing Authorization vulnerability
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...