CVE-2023-47858 Information

Description

Mattermost fails to properly verify the permissions needed for viewing archived public channels  allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted endpoint.

Reference

https://mattermost.com/security-updates