Jeetbhdr

**Name of the Vulnerable Software and Affected Versions** Mattermost versions 9.11.x through 9.11.8 **Description** The issue is related to the improper authorization of the Viewer role, allowing an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics. **Recommendations** For Mattermost versions 9.11.x through 9.11.8, update to a version that properly performs authorization of the Viewer role to prevent unauthorized access to team and site statistics. At the moment, there is no information about a newer version that contains a fix for this vulnerability.