CVE-2022-0708

Summary

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermostunspecified <= 6.3.0affected
MattermostMattermost6.2.2 < unspecifiedunaffected
MattermostMattermost6.1.2 < unspecifiedunaffected
MattermostMattermost5.37.7 < unspecifiedunaffected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References