CVE-2016-11066: Mattermost Server: initial_load API exposes unnecessary information

May 24, 2022 (updated October 21, 2025)

An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information.

References

github.com/advisories/GHSA-r93j-3mmp-px57
github.com/mattermost/mattermost
github.com/mattermost/mattermost/commit/f89e7c6d543a82d6078c2ca0f892914d7976a6f5
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2016-11066

Code Behaviors & Features

Detect and mitigate CVE-2016-11066 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →