Exposure of Resource to Wrong Sphere
Mattermost fails to check the "Show Full Name" setting when rendering the result for the "/plugins/focalboard/api/v2/users" API call, allowing an attacker to learn the full name of a board owner. This issue affects github.com/mattermost/focalboard/mattermost-plugin and github.com/mattermost/focalboard/server versions prior to 7.4.4.
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.