CVE-2022-0708: Team Creator's Email Address is disclosed to Team Members via one of the APIs
First published: Mon Feb 21 2022(Updated: )
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost | <=6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-0708?
The severity of CVE-2022-0708 is medium, with a severity value of 6.5.
How does CVE-2022-0708 affect Mattermost?
CVE-2022-0708 affects Mattermost versions 6.3.0 and earlier.
What is the vulnerability associated with CVE-2022-0708?
The vulnerability associated with CVE-2022-0708 allows authenticated team members to access the email addresses of the team creator.
Is there a fix available for CVE-2022-0708?
Yes, a fix is available for CVE-2022-0708. Users should update to a version later than 6.3.0.
Where can I find more information about CVE-2022-0708?
More information about CVE-2022-0708 can be found at the following link: https://mattermost.com/security-updates/
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mattermost
- canonical/mattermost mattermost
- version/mattermost mattermost/6.3.0