Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized View Access to Site Statistics and Team Statistics
Vulnerability Description
Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.11.x版本至9.11.8之前版本存在安全漏洞,该漏洞源于对Viewer角色的授权不当,可能导致配置为无报告访问权限的Viewer角色攻击者仍能查看团队和站点统计信息。
CVSS Information
N/A
Vulnerability Type
N/A