Launch Week Day 1: Announcing Security Design Review

Mattermost Server exposes account details to any Team Administrator

GHSA-g3f3-p9rc-775p · CVE-2016-11080 · GO-2025-4063

Published May 24, 2022 · Modified Nov 5, 2025

Description

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes