Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-02-09T14:50:45.443Z
Updated: 2024-07-05T17:20:51.618Z
Reserved: 2024-01-30T10:23:06.717Z
Link: CVE-2024-24776
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-09T15:15:08.547
Modified: 2024-02-15T18:42:25.383
Link: CVE-2024-24776
JSON object: View
Redhat Information
No data.
CWE