CVE-2021-37864 - Incorrect Authorization vulnerability in Mattermost

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
CWE-863

Summary

Mattermost 6.1 and earlier fails to sufficiently validate permissions when archived channels are viewed. By accessing the APIs directly, authenticated users can view the contents of archived channels even when system administrators have denied this.

Vulnerable Configurations

Part | Description | Count
Application | Mattermost | 99

Common Weakness Enumeration (CWE)