Mattermost · Mattermost · CVE-2024-42000
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 9.5.x through 9.5.9
Mattermost versions 9.10.x through 9.10.2
Mattermost versions 9.11.x through 9.11.1
Mattermost versions 10.0.x through 10.0.0
**Description**
A User or System Manager who has the "Read Groups" permission but no access to channels can retrieve details about private channels they are not a member of by sending a request to "/api/v4/channels". The cause is a request authorization issue in the affected Mattermost versions.
**Recommendations**
For versions 9.5.x through 9.5.9, upgrade to a version higher than 9.5.9 to resolve the issue.
For versions 9.10.x through 9.10.2, upgrade to a version higher than 9.10.2 to resolve the issue.
For versions 9.11.x through 9.11.1, upgrade to a version higher than 9.11.1 to resolve the issue.
For versions 10.0.x through 10.0.0, upgrade to a version higher than 10.0.0 to resolve the issue.
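
The following is an added example, not part of the original advisory or of Mattermost's code: a short Python triage script that sorts a server inventory against the affected ranges listed above. The host names and version strings are constructed, and ignoring build suffixes such as "-rc1" is an assumption of this sketch.

```python
import re

# Highest affected patch release per branch, exactly as listed in the advisory.
AFFECTED_MAX_PATCH = {(9, 5): 9, (9, 10): 2, (9, 11): 1, (10, 0): 0}

# Accepts "9.5.9", "v9.5.9" and suffixed builds such as "10.0.0-rc1"
# (assumption: the suffix is ignored and the base version decides).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) as integers, or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(version_text):
    """Classify one server version against the advisory's ranges."""
    major, minor, patch = parse_version(version_text)
    max_patch = AFFECTED_MAX_PATCH.get((major, minor))
    if max_patch is None:
        return "not-listed"  # branch is not mentioned in the advisory
    # Integer comparison matters: compared as strings, "10" sorts before "9".
    return "affected" if patch <= max_patch else "resolved"

def triage(inventory):
    """Group hosts by status; unparseable versions are kept for manual review."""
    report = {"affected": [], "resolved": [], "not-listed": [], "unparseable": []}
    for host, version_text in sorted(inventory.items()):
        try:
            report[classify(version_text)].append(host)
        except ValueError:
            report["unparseable"].append(host)
    return report

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = {
    "chat-a.example.internal": "9.5.9",
    "chat-b.example.internal": "9.5.10",
    "chat-c.example.internal": "v9.10.2",
    "chat-d.example.internal": "10.0.0-rc1",
    "chat-e.example.internal": "9.9.1",
    "chat-f.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "not-listed" run a branch the advisory does not mention, so their status has to be confirmed against the vendor's own notices.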