Unrated severityNVD Advisory· Published Jan 18, 2022· Updated Dec 6, 2024
Users can view the contents of an archived channel when access is explicitly denied by the system admin
CVE-2021-37864
Description
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
Affected products
1- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- mattermost.com/security-updates/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.