Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Public channel post content accessible without membership when compliance export is enabled
Vulnerability Description
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞,该漏洞源于在获取公共频道的帖子时无法检查是否启用了合规性导出,允许非公共频道成员的用户获取帖子。
CVSS Information
N/A
Vulnerability Type
N/A