Mattermost Improper Channel Archive Setting Vulnerability Allowing Unauthorized Member Information Access

Vulnerability

A vulnerability exists in Mattermost versions 10.5.x through 10.5.1, 10.4.x through 10.4.3, and 9.11.x through 9.11.9. These versions fail to properly enforce the 'Allow users to view/update archived channels' System Console setting. As a result, an authenticated user can still retrieve member details and other information from archived channels even when that setting is disabled.

Impact

Exploitation of this vulnerability allows unauthorized access to member information of archived channels, potentially leading to privacy violations.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.