Lucene search

GoogleOSV:CVE-2024-24776

HistoryFeb 09, 2024 - 3:15 p.m.

CVE-2024-24776

2024-02-0915:15:08

Google

osv.dev

mattermost

api

vulnerability

channel

member counts

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

CPENameOperatorVersion
mattermosteq4.6.0-rc6
mattermosteq1.4.0
mattermosteq8.1.7-rc2
mattermosteq0.5.0
mattermosteq5.1.0
mattermosteq5.0.0-rc2
mattermosteq5.2.0-rc3
mattermosteq5.2.0-rc2
mattermosteq4.9.0-rc2
mattermosteq5.3.0-rc1

Name	Operator	Version
mattermost	eq	4.6.0-rc6
mattermost	eq	1.4.0
mattermost	eq	8.1.7-rc2
mattermost	eq	0.5.0
mattermost	eq	5.1.0
mattermost	eq	5.0.0-rc2
mattermost	eq	5.2.0-rc3
mattermost	eq	5.2.0-rc2
mattermost	eq	4.9.0-rc2
mattermost	eq	5.3.0-rc1

Rows per page:

1-10 of 1551

References

mattermost.com/security-updates

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for OSV:CVE-2024-24776