CVE-2024-23493
EUVD-2024-056329.02.2024, 08:15
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 𝑥 < 8.1.9 |
| mattermost | mattermost_server | 9.0.0 ≤ 𝑥 < 9.2.5 |
| mattermost | mattermost_server | 9.4.0 ≤ 𝑥 < 9.4.2 |
| mattermost | mattermost_server | 9.3.0 |
| mattermost | mattermost_server | 9.3.0:rc1 |
| mattermost | mattermost_server | 9.3.0:rc2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.