Mattermost versions 9.5.x < 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels.
Publication date: Wed, 03 Jul 2024 09:15:00 +0000