First published: Fri Apr 05 2024(Updated: )
Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/mattermost/mattermost/server/v8 | <8.1.11 | 8.1.11 |
Mattermost Mattermost Server | >=8.1.0<8.1.11 | |
>=8.1.0<8.1.11 |
Update Mattermost Server to versions 9.5.0, 8.1.11 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.