
Slack server disclose h1 private issue report

Low
ImpressCMS
Submitted None

Team Summary

Official summary from ImpressCMS

Summary
=======

Upon browsing https://www.impresscms.org/, one of the posts includes the public Slack channel; however, the devel channel exposed some of the private h1 reports. Checking ImpressCMS hacktivity, the issues that get resolved/reported are private, which helps me to verify that the team doesn't want to expose these issues that are reported on HackerOne.

Steps To Reproduce
=============

* Go to https://www.impresscms.org/modules/news/article.php?article_id=1019
* Sign up for a Slack account
* After successful installation, go to the devel channel
* Scroll up to the top and you can disclose different reports from h1.

Possible Mitigation
============

Convert those channels that contain sensitive information to private channels.
https://www.businessinsider.com/how-to-make-a-slack-channel-private

Impact
====

This allows the attacker to read old exploits, and those exploits can be used for outdated versions of ImpressCMS

Reported by ex1st3nc3_

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Authentication Bypass Using an Alternate Path or Channel