CVE-2024-43813

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0

Description The issue is related to improper access controls, allowing any authenticated user, including guests, to mark any channel inside any team as read for any user. This affects the ability to enforce proper access controls within the system.

Recommendations For Mattermost versions 9.5.x through 9.5.7, update to a version later than 9.5.7 to resolve the issue. For Mattermost versions 9.10.x through 9.10.0, update to a version later than 9.10.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive channels and teams to minimize the risk of exploitation.