Vulnerability Details: CVE-2022-2408
The Guest account feature in Mattermost versions 6.7.0 and earlier fails to properly restrict permissions, which allows a guest user to fetch a list of all public channels in the team despite not being a member of those channels.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2022-2408
0.05%: Probability of exploitation activity in the next 30 days
~20%: Percentile, the proportion of vulnerabilities that are scored at or below this score