CVE-2021-37864

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-37864

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37864.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-37864

Published

2022-01-18T17:15:08.400Z

Modified

2026-04-10T04:36:09.831054Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Last affected

53d8acceaedda694605631ff50dde0d31e47fa5e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1"
        }
    ]
}

Affected versions

Other

cloud-2020-11-24

cloud-2020-12-08

cloud-2020-12-18

cloud-2021-01-12

cloud-2021-01-26

cloud-2021-02-10

cloud-2021-02-24

cloud-2021-02-25-1

cloud-2021-03-12-1

cloud-2021-03-23-1

cloud-2021-04-22-1

cloud-2021-05-05-1

cloud-2021-05-21-1

cloud-2021-06-02-1

cloud-2021-06-16-1

cloud-2021-07-01-1

cloud-2021-07-15-1

cloud-2021-07-29-1

cloud-2021-08-12-1

cloud-2021-09-29-1

cloud-2021-10-12-1

cloud-2021-10-27-1

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v6.*

v6.1.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37864.json"