CVE-2022-0708

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0708
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0708.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0708
Published
2022-02-21T18:15:08.957Z
Modified
2026-04-10T04:42:25.063819Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f5a7bfe1ad29be0094ea657f8ccfbe79a11f7430
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.3.0"
        }
    ]
}

Affected versions

Other
cloud-2020-11-24
cloud-2020-12-08
cloud-2020-12-18
cloud-2021-01-12
cloud-2021-01-26
cloud-2021-02-10
cloud-2021-02-24
cloud-2021-02-25-1
cloud-2021-03-12-1
cloud-2021-03-23-1
cloud-2021-04-22-1
cloud-2021-05-05-1
cloud-2021-05-21-1
cloud-2021-06-02-1
cloud-2021-06-16-1
cloud-2021-07-01-1
cloud-2021-07-15-1
cloud-2021-07-29-1
cloud-2021-08-12-1
cloud-2021-09-29-1
cloud-2021-10-12-1
cloud-2021-10-27-1
cloud-2021-11-09-1
cloud-2021-11-11-1
cloud-2021-11-23-1
cloud-2021-11-25-1
cloud-2021-11-30-1
cloud-2021-12-08-1
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v6.*
v6.3.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0708.json"