Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Leaked User IDs and Metadata of Deleted DMs
Vulnerability Description
Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.11.x至9.11.6版本存在安全漏洞,该漏洞源于未从已删除频道端点过滤私聊(DM)信息,可能泄露用户ID等元数据。
CVSS Information
N/A
Vulnerability Type
N/A