Ramyadav

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from a failure to properly check authorization for the "POST /api/v4/teams" endpoint when a team override scheme ID is passed in the request. This allows an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team using the specified team override scheme. The `team override scheme ID` is used in this context to bypass normal authorization checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.