Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized Access to view channels' details
Vulnerability Description
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞,该漏洞源于对/api/v4/channels请求的授权不当,允许具有Read Groups权限但无渠道访问权限的用户或系统管理员通过发送请求,来获取他们的敏感信息。以下版本受到影响:9.10.2版本及之前的9.10.x版本、9.11.1版本及之前的9.11.x版本、9.5.9版本及之前的9.5.x版本和10.0.0版本及之前的10.0.x版本。
CVSS Information
N/A
Vulnerability Type
N/A