github.com/mattermost/mattermost/server/channels/api4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the github.com/mattermost/mattermost/server/channels/api4 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Missing Authorization	>=10.11.0 <10.11.10
M Information Exposure	>=10.11.0 <10.11.10>=11.1.0 <11.1.3>=11.2.0 <11.2.2
L Time-of-check Time-of-use (TOCTOU) Race Condition	>=10.11.0 <10.11.10>=11.0.0-alpha.1 <11.3.0-rc2
M Privilege Context Switching Error	>=10.5.0-rc1 <10.5.13>=10.11.0-rc1 <10.11.5>=10.12.0-rc1 <10.12.2>=11.0.0-alpha.1 <11.0.3
L Privilege Context Switching Error	>=10.5.0-rc1 <10.5.13>=10.11.0-rc1 <10.11.5>=10.12.0-rc1 <10.12.2>=11.0.0-alpha.1 <11.1.0
C Incorrect Implementation of Authentication Algorithm	>=10.5.0 <10.5.13>=10.11.0 <10.11.5>=10.12.0 <10.12.2>=11.0.0-alpha.1 <11.0.3
M Information Exposure	>=10.5.0 <10.5.13>=10.11.0 <10.11.5>=10.12.0 <10.12.2>=11.0.0-alpha.1 <11.0.3
L Incorrect Default Permissions	>=10.5.0 <10.5.12>=10.11.0 <10.11.4
M Missing Authentication for Critical Function	>=10.5.0 <10.5.12>=10.11.0 <10.11.4-rc2>=10.12.0 <10.12.1
L Incorrect Authorization	<11.0.0-alpha.1
M Incorrect Authorization	<11.0.0-alpha.1
L Incorrect Authorization	>=10.5.0 <10.5.12-rc1>=10.11.0 <10.11.4-rc1
H Directory Traversal	>=9.11.0 <9.11.18>=10.0.0 <10.5.9>=10.6.0 <10.8.4>=10.9.0 <10.9.4>=10.10.0 <10.10.2
L Authorization Bypass Through User-Controlled Key	>=9.11.0 <9.11.18>=10.5.0 <10.5.9
M Directory Traversal	>=10.5.0 <10.5.9>=10.8.0 <10.8.4>=10.9.0 <10.9.4>=10.10.0 <10.10.1
M Incorrect Authorization	>=9.11.0 <9.11.18>=10.5.0 <10.5.9
M Directory Traversal	>=10.5.0 <10.5.9>=10.8.0 <10.8.4>=10.9.0 <10.9.2>=9.11.0 <9.11.18
M Missing Authentication for Critical Function	>=9.11.0 <9.11.18>=10.5.0 <10.5.9>=10.8.0 <10.8.4>=10.9.0 <10.9.3
L Incorrect Authorization	>=9.11.0 <9.11.14>=10.5.0 <10.5.5-rc1
M Incorrect Authorization	>=9.11.0 <9.11.12>=10.4.0 <10.4.5>=10.5.0 <10.5.3>=10.6.0 <10.6.2
M Incorrect Authorization	>=9.11.0 <9.11.12>=10.5.0 <10.5.3
M Incorrect Authorization	>=9.11.0 <9.11.12>=10.5.0 <10.5.3
M Overly Restrictive Account Lockout Mechanism	>=9.11.0 <9.11.12>=10.4.0 <10.4.5>=10.5.0 <10.5.3>=10.6.0 <10.6.2
L Missing Authentication for Critical Function	<9.11.10-rc1>=10.5.0 <10.5.2
M Incorrect Authorization	>=9.11.0-rc1 <9.11.10>=10.0.0-rc1 <10.4.4>=10.5.0-rc1 <10.5.2
M Incorrect Authorization	<9.11.9-rc1>=10.3.0-rc1 <10.3.4>=10.4.0-rc1 <10.4.3
M Missing Authentication for Critical Function	<9.11.9-rc1>=10.3.0-rc1 <10.3.4-rc1>=10.4.0-rc1 <10.4.3-rc1
L Incorrect Authorization	>=9.11.0 <9.11.9-rc1
M Incorrect Authorization	<9.11.9>=10.3.0-rc1 <10.3.4>=10.4.0-rc1 <10.4.3>=10.5.0-rc1 <10.5.1

Vulnerability

Vulnerable Version

Missing Authorization

>=10.11.0 <10.11.10