CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.001 Low
Percentile: 25.9%
github.com/mattermost/mattermost is vulnerable to Missing Authorization. A remote authenticated attacker is able to gain access to arbitrary posts by using the message threads API because the library fails to check channel membership when accessing message threads, resulting in disclosure of sensitive information.
github.com/advisories/GHSA-8m2w-p6c5-hh6c
github.com/mattermost/mattermost/commit/1629a6ca7fedeb7cf0b67d7f83dc2e51c387e6ef
github.com/mattermost/mattermost/commit/bcd5477a3f6eebc222b1378059e842b6d33e9eb2
github.com/mattermost/mattermost/commit/ea3f5187c33140a97f33f2304f0bf9fad26757be
mattermost.com/security-updates/