CVE-2022-2401: Exposure of Sensitive Information to an Unauthorized Actor

July 15, 2022 (updated July 21, 2022)

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.

References

github.com/advisories/GHSA-7ggc-5r84-xf54
mattermost.com/security-updates/
nvd.nist.gov/vuln/detail/CVE-2022-2401

Detect and mitigate CVE-2022-2401 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →