CVE-2022-2408

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt