Unrated severity · NVD Advisory · Published Jul 14, 2022 · Updated Dec 6, 2024
Guest accounts can list all public channels
CVE-2022-2408
Description
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict permissions, which allows a guest user to fetch a list of all public channels in the team despite not being a member of those channels.
Affected products
- (no CPE), range: <=6.7.0
- (no CPE), range: unspecified
References
- mattermost.com/security-updates/ (mitre, x_refsource_MISC)