Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8(Go) | 10.5.0 | 10.5.3 | N/A |
| github.com/mattermost/mattermost/server/v8(Go) | 9.11.0 | 9.11.12 | N/A |
| github.com/mattermost/mattermost/server/v8(Go) | 0 | 8.0.0-20250411064244-844447fbd57c | N/A |
CVSS Metrics
