Pyae Phyo

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from the improper validation of the "Show Full Name" option in certain endpoints within Mattermost Boards. This allows a member to obtain the full name of another user, even when the "Show Full Name" option has been disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to properly verify permissions when managing or updating a bot. This allows a User Manager role with user edit permissions to manage or update bots. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to properly validate permissions when demoting and deactivating a user. This allows a system or user manager to demote or deactivate another manager. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue arises from Mattermost's failure to properly validate the requesting user's permissions when updating a system admin. This allows a user manager to update a system admin's details, including email, first name, and last name. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.