VYPR
Unrated severityNVD Advisory· Published Jan 18, 2022· Updated Dec 6, 2024

Users can view the contents of an archived channel when access is explicitly denied by the system admin

CVE-2021-37864

Description

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.