All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-2299
MEDIUMpublished 2026-06-25 20:17 UTC · 3 days ago · modified 2026-06-26 14:17 UTC
4.2
CVSS / 10
// description
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Google Drive files to unauthorized private channels and disclose private channel membership.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
// weaknesses (CWE)
- CWE-862