CVE-2022-2401 Unrestricted information disclosure in Mattermost 6.7.0 and earlier allows team members to access sensitive information via the APIs.

For example, team members can see who has viewed a certain message or file, or who has replied to a certain message or file. This can lead to serious data breaches if someone has access to the accounts of all team members. To protect sensitive data, you should disconnect Mattermost from the public Internet as soon as possible, and consider switching to a private chat server. Stay tuned for future updates to ensure your team members are kept safe.

What you should do to stay safe

To stay safe, you should disconnect your Mattermost server from the Internet as soon as possible. You should also consider switching to a private chat server. Stay tuned for future updates to make sure your team is safe.
