Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information, resulting in sensitive & private information disclosure.

https://mattermost.com/security-updates/
Created purple-mattermost tracking bugs for this issue:

Affects: epel-all [bug 2056762]
Affects: fedora-all [bug 2056763]
Mattermost identifies this flaw as MMSA-2022-0082, but does not directly reference the CVE from their security update page.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0708