Improper Access Control in Mattermost Server versions 8.1.x prior to 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
Vulmon