Unrated severityNVD Advisory· Published Jan 18, 2022· Updated Dec 6, 2024
Users can view the contents of an archived channel when access is explicitly denied by the system admin
CVE-2021-37864
Description
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=6.1+ 1 more
- (no CPE)range: <=6.1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- mattermost.com/security-updates/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.