Elias Nahum

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions <=2.25.0 Description: The issue arises when Mattermost Mobile Apps fail to terminate sessions during logout under certain conditions, such as poor connectivity, allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications. Recommendations: For Mattermost Mobile Apps versions <=2.25.0, update to a version higher than 2.25.0 to ensure proper session termination during logout.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 6.7.0 and earlier **Description** The issue allows team members to access some sensitive information by directly accessing the APIs. This is an unrestricted information disclosure issue that affects all users. **Recommendations** For Mattermost versions 6.7.0 and earlier, consider restricting access to sensitive APIs to minimize the risk of exploitation. As a temporary workaround, limit the ability of team members to directly access APIs that may disclose sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.