10 matches found
Mattermost allows regular users to access archived channel content and files
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...
EUVD-2025-186557
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
CVE-2025-41436
Mattermost Server
PT-2025-46946
Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.0 Description Mattermost fails to correctly implement the "Allow users to view archived channels" setting. This allows regular users to access content and files within archived channels through the "Open in...