CVE-2022-2401

MEDIUM

Mattermost < 6.3.9 - Unauthenticated Exposure of Sensitive User Information via API

Title source: llm
STIX 2.1

Description

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://mattermost.com/security-updates/

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 55.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (5)
mattermost/mattermost-server 0 - 6.3.9Go
mattermost/mattermost_server 6.6.0
mattermost/mattermost_server 6.6.1
mattermost/mattermost_server 6.7.0
mattermost/mattermost_server < 6.3.9
Published Jul 14, 2022
Tracked Since Feb 18, 2026