Excessive API Access in Mattermost Server for Team Administrators
CVE-2016-11080
4.3MEDIUM
Summary
An issue exists in Mattermost Server, where Team Administrators have access to unnecessary APIs that allow them to view sensitive account details. This superfluous access can lead to potential privacy breaches and unauthorized visibility into user information, creating risks for organizations relying on the platform for team collaboration.
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved