PT-2025-6788 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.6 Description: The issue allows an attacker to infer user IDs and other metadata from deleted direct messages DMs if someone had manually marked DMs as deleted in the database. This is possible because...