CVE-2022-2401

Summary

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost6.7.x 6.7.0affected
MattermostMattermost6.x <= 6.3.8affected
MattermostMattermost6.5.x <= 6.5.1affected
MattermostMattermost6.6.x <= 6.6.1affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References