Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized access to archived channel content via threads interface
Vulnerability Description
Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 11.0之前版本存在安全漏洞,该漏洞源于未能正确执行允许用户查看归档频道的设置,可能导致普通用户通过关注线程中的在频道中打开功能访问归档频道内容和文件。
CVSS Information
N/A
Vulnerability Type
N/A