Headline

GHSA-j6gg-r5jc-47cm: Mattermost fails to properly restrict access to archived channel search API

Mattermost versions < 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/{team_id}/channels/search_archived endpoint

1 day ago

ghsa

Open in Source

#git #perl

Package

gomod github.com/mattermost/mattermost (Go)

Affected versions

< 5.3.2-0.20250815165020-c8d66301415d

Patched versions

5.3.2-0.20250815165020-c8d66301415d

gomod github.com/mattermost/mattermost-server (Go)

< 5.3.2-0.20250815165020-c8d66301415d

5.3.2-0.20250815165020-c8d66301415d

gomod github.com/mattermost/mattermost-server/v5 (Go)

< 5.3.2-0.20250815165020-c8d66301415d

5.3.2-0.20250815165020-c8d66301415d

gomod github.com/mattermost/mattermost-server/v6 (Go)

< 5.3.2-0.20250815165020-c8d66301415d

5.3.2-0.20250815165020-c8d66301415d

gomod github.com/mattermost/mattermost/server/v8 (Go)

< 8.0.0-20250815165020-c8d66301415d

8.0.0-20250815165020-c8d66301415d

ghsa: Latest News

GHSA-mr34-8733-grr2: Memos' Access Tokens Stay Valid after User Password Change

17 hours ago

ghsa

GHSA-4m32-cjv7-f425: AstrBot is vulnerable to RCE with hard-coded JWT signing keys

17 hours ago

ghsa

GHSA-m8jr-fxqx-8xx6: Apollo Federation has Improper Enforcement of Access Control on Transitive Fields

17 hours ago

ghsa

GHSA-vv2v-pw69-8crf: Directus is Vulnerable to Stored Cross-site Scripting

17 hours ago

ghsa

GHSA-9x5g-62gj-wqf2: Directus has Improper Permission Handling on Deleted Fields

17 hours ago

ghsa