Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8(Go) | 0 | 8.0.0-20250815165020-c8d66301415d | N/A |
| github.com/mattermost/mattermost(Go) | 0 | 5.3.2-0.20250815165020-c8d66301415d | N/A |
| github.com/mattermost/mattermost-server(Go) | 0 | 5.3.2-0.20250815165020-c8d66301415d | N/A |
| github.com/mattermost/mattermost-server/v5(Go) | 0 | 5.3.2-0.20250815165020-c8d66301415d | N/A |
| github.com/mattermost/mattermost-server/v6(Go) | 0 | 5.3.2-0.20250815165020-c8d66301415d | N/A |
CVSS Metrics
