Lucene search
GoogleOSV:GHSA-7V3V-984V-H74RHistoryFeb 29, 2024 - 9:30 a.m.
Mattermost leaks details of AD/LDAP groups of a teams
2024-02-2909:30:34
Google
osv.dev
5
mattermost
authorization
vulnerability
ad/ldap
group
details
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.
Related
osv
osv
Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
2024-06-28 15:28:53
CGA-gvhx-fgcw-f546
2024-06-24 14:34:06
cve
cve
CVE-2024-23493
2024-02-29 08:15:47
prion
prion
Code injection
2024-02-29 08:15:00
github
github
Mattermost leaks details of AD/LDAP groups of a teams
2024-02-29 09:30:34
nvd
nvd
CVE-2024-23493
2024-02-29 08:15:47
cvelist
cvelist
veracode
veracode
Improper Access Control
2024-03-01 12:48:15
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for OSV:GHSA-7V3V-984V-H74R