CVE

CVE-2022-2408

admin

CVE-2022-2408

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.

Source: CVE-2022-2408

Exit mobile version