Mattermost · Mattermost · CVE-2025-24866
Name of the Vulnerable Software and Affected Versions:
Mattermost versions 9.11.x through 9.11.8
Description:
Mattermost does not properly enforce access controls on the "/api/v4/audits" endpoint. A user who holds a delegated granular administration role but has not been granted access to Compliance Monitoring can still call this endpoint and retrieve User Activity Logs (the server audit records), data that the Compliance Monitoring restriction is meant to keep from such a user.
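A practitioner will want to confirm whether a given server still exposes the audit log to a delegated administrator. The following is an added example, not code from the advisory or from the Mattermost project: it sends one request to "/api/v4/audits" with a personal access token belonging to a test account that holds a delegated granular administration role but no Compliance Monitoring access, and classifies the reply. A 403 is the enforced behaviour; a 200 carrying audit records means the access control is missing. The environment variable names, the sample JSON bodies and the identifiers inside them are constructed for this example.

```python
"""Check whether a Mattermost server lets a delegated-administration account
read /api/v4/audits (CVE-2025-24866). Added example; not Mattermost's own code."""
import json
import os
import urllib.error
import urllib.request

# Outcome labels returned by classify_audits_response().
VULNERABLE = "vulnerable"            # audit records returned without Compliance Monitoring access
NOT_VULNERABLE = "not_vulnerable"    # server refused the request (403)
INCONCLUSIVE = "inconclusive"        # bad token or unexpected reply; re-check the probe account


def classify_audits_response(status: int, body: bytes) -> str:
    """Map an HTTP reply from GET /api/v4/audits to an outcome.

    The probe must be sent as a user who holds a delegated granular
    administration role but NOT access to Compliance Monitoring. For such a
    user 403 Forbidden is the intended behaviour; 200 with a JSON list of
    audit records is the vulnerable behaviour.
    """
    if status == 403:
        return NOT_VULNERABLE
    if status == 401:
        # Authentication failed: the token is invalid or expired, so no
        # permission decision was made and nothing can be concluded.
        return INCONCLUSIVE
    if status == 200:
        try:
            records = json.loads(body)
        except ValueError:
            return INCONCLUSIVE
        # Any list back (even an empty page) means the endpoint served the
        # request instead of rejecting it on the missing permission.
        return VULNERABLE if isinstance(records, list) else INCONCLUSIVE
    return INCONCLUSIVE


def fetch_audits(base_url: str, token: str, per_page: int = 1, timeout: float = 10.0):
    """Issue the probe and return (status, body). Only one record is requested
    so the test pulls as little user-activity data as possible."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/audits?page=0&per_page={per_page}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_server(base_url: str, token: str) -> str:
    """Run the probe against a live server and return one of the outcome labels."""
    status, body = fetch_audits(base_url, token)
    return classify_audits_response(status, body)


# Constructed sample replies, used to exercise the classifier offline.
# Field names follow the audit record shape served by /api/v4/audits; the
# values are made up for this example and are not real records.
SAMPLE_VULNERABLE_BODY = json.dumps([{
    "id": "8xcpg9m5q3n7fyghkd1wbcwmeo",
    "create_at": 1700000000000,
    "user_id": "ab12cd34ef56gh78ij90klmnop",
    "action": "/api/v4/users/login",
    "extra_info": "success",
    "ip_address": "192.0.2.10",
    "session_id": "",
}]).encode()
SAMPLE_FORBIDDEN_BODY = json.dumps({
    "message": "You do not have the appropriate permissions.",
    "status_code": 403,
}).encode()


if __name__ == "__main__":
    # Hypothetical variable names chosen for this example.
    url = os.environ["MM_URL"]                      # e.g. https://chat.example.test
    token = os.environ["MM_DELEGATED_ADMIN_TOKEN"]  # token of the probe account
    print(check_server(url, token))
```

Run the probe with the delegated-administrator token, then again with a plain member token: a member should get 403 in every version, so a 200 there points at a misconfigured test account rather than this issue.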
Recommendations:
For Mattermost versions 9.11.x through 9.11.8, restrict access to the "/api/v4/audits" endpoint until a patched release can be deployed. Note that blocking the path at a reverse proxy also blocks legitimate system administrators who read the audit log through the API, so scope any such rule accordingly.
As a temporary workaround, review the delegated granular administration roles and remove them from any account that should not be able to read User Activity Logs, since the Compliance Monitoring restriction is not enforced on this endpoint in the affected versions.