CVE-2023-2787 Information

Description

Mattermost fails to check channel membership when accessing message threads allowing an attacker to access arbitrary posts by using the message threads API.

Reference

https://mattermost.com/security-updates/