Harrison Healey

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.1.x through 11.1.2 Mattermost versions 11.2.x through 11.2.1 **Description** The software does not properly validate team membership when processing channel mentions. This allows authenticated users to determine the existence of teams and their URL names by posting channel shortlinks and observing the `channel mentions` property in the API response. The affected API endpoint is not specified. **Recommendations** Update Mattermost to a version later than 10.11.9. Update Mattermost to a version later than 11.1.2. Update Mattermost to a version later than 11.2.1.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 **Description** The issue arises from the improper sanitization of recipients of a webhook event, allowing an attacker who is monitoring these events to obtain the channel IDs of archived or restored channels. **Recommendations** For Mattermost versions 9.5.x through 9.5.5, update to a version later than 9.5.5 to resolve the issue. For Mattermost version 9.8.0, update to a version later than 9.8.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to use innerText or textContent when setting the channel name in the webapp during autocomplete. This allows an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. However, it is noted that no Cross-Site Scripting (XSS) is possible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to check if the "Allow users to view archived channels" setting is enabled when displaying permalink previews. This oversight allows members to view permalink previews of archived channels, even if the "Allow users to view archived channels" setting is disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** When running in a High Availability configuration, Mattermost fails to sanitize some of the `user updated` and `post deleted` events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.