CVE-2024-24776

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-24776

CGA ID

CGA-w8r2-gqff-xqvg

Severity

4.3

Medium

CVSS V3

Description

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

References

https://images.chainguard.dev/security/CGA-w8r2-gqff-xqvg
https://github.com/advisories/GHSA-r833-w756-h5p2
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-24776

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources