CVE-2022-2401 Unrestricted information disclosure in Mattermost 6.7.0 and earlier allows team members to access sensitive information via the APIs.

For example, team members can see who has viewed a certain message or file, or who has replied to a certain message or file. This can lead to serious data breaches if someone has access to the accounts of all team members. To protect sensitive data, you should disconnect Mattermost from the public Internet as soon as possible, and consider switching to a private chat server. Stay tuned for future updates to ensure your team members are kept safe.

What you should do to stay safe

To stay safe, you should disconnect your Mattermost server from the Internet as soon as possible. You should also consider switching to a private chat server. Stay tuned for future updates to make sure your team is safe.

Timeline

Published on: 07/14/2022 18:15:00 UTC
Last modified on: 07/20/2022 11:34:00 UTC
