Vulnerabilities > CVE-2024-24776 - Unspecified vulnerability in Mattermost Server 5.23.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mattermost

NVD

Published: 2024-02-09

Updated: 2024-02-15

Summary

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

Vulnerable Configurations

Part	Description	Count
Application	Mattermost Mattermost Mattermost Server 5.23.0	1

References

https://mattermost.com/security-updates