Home
LOW: 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NDefault status
unaffected
10.11.0 (semver)
affected
10.5.0 (semver)
affected
11.0.0
unaffected
10.11.4
unaffected
10.5.12
unaffected
Description
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint
Problem types
CWE-863: Incorrect Authorization
Product status
10.11.0 (semver)
10.5.0 (semver)
11.0.0
10.11.4
10.5.12
Credits
Xiangyu Guo
References
mattermost.com/security-updates
