Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Private channel names leaking when Elasticsearch is enabled
Vulnerability Description
Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.0.0版本和9.11.2版本及之前的9.11.x版本存在安全漏洞,该漏洞源于频道切换器中搜索频道名称时无法正确查询 ElasticSearch,这允许攻击者在启用 Elasticsearch v8 时获取他们不是其成员的频道的私有频道名称。
CVSS Information
N/A
Vulnerability Type
N/A