CVE-2016-11080: Mattermost Server exposes account details to any Team Administrator

May 24, 2022 (updated October 31, 2025)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

References

github.com/advisories/GHSA-g3f3-p9rc-775p
github.com/mattermost/mattermost
github.com/mattermost/mattermost/commit/6c75662b824491a20a757a5eec59556a866374b5
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2016-11080

Code Behaviors & Features

Detect and mitigate CVE-2016-11080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →