An issue exists in Mattermost Server prior to 3.0.0. It allows malicious users to obtain sensitive information about team URLs via an API.
mattermost mattermost server