Mattermost · Mattermost · CVE-2022-2408
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 6.7.0 and earlier
**Description**
The Guest account feature fails to properly restrict permissions, allowing a guest user to fetch a list of all public channels in the team, even if they are not part of those channels.
**Recommendations**
For Mattermost versions 6.7.0 and earlier, consider disabling the Guest account feature until a patch is available to properly restrict permissions and prevent unauthorized access to public channels.