CVE-2023-6202 Information

Description

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name surname nickname) via Mattermost Boards.

Reference

https://mattermost.com/security-updates