Elastic · Elasticsearch · CVE-2024-52032
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 9.11.x through 9.11.2
Mattermost versions 10.0.x through 10.0.0
**Description**
When Elasticsearch v8 is enabled, searching for channel names in the channel switcher allows an attacker to obtain the names of private channels they are not a member of. This occurs due to a failure to properly query Elasticsearch.
**Recommendations**
For versions 9.11.x through 9.11.2, update to a version later than 9.11.2 to resolve the issue.
For versions 10.0.x through 10.0.0, update to a version later than 10.0.0 to resolve the issue.
As a temporary workaround, consider disabling Elasticsearch v8 until a patch is available.