CVE-2022-2408
Mattermost CVE-2022-2408 affects version 6.7.0 and earlier. The Guest account feature fails to properly restrict permissions, allowing a guest to fetch a list of all public channels in a team even if not a member of those channels. Root cause is a permission-check issue within the Guest feature. ...