Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*" ] }