CVE-2024-34029
published 2024-05-26CVE-2024-34029: Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Mattermost versions 9.5.x /channels//link endpoint which allows a user to learn the members of an AD/LDAP group that is linked to a team by adding the group to a channel, even if the user has no access to the team.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | 8.1.0 – 8.1.12 | — |
| mattermost | mattermost | 9.5.0 – 9.5.3 | — |
| mattermost | mattermost | 9.7.0 – 9.7.1 | — |
| mattermost | mattermost_server | >= 8.1.0 < 8.1.13 | 8.1.13 |
| mattermost | mattermost_server | >= 9.5.0 < 9.5.4 | 9.5.4 |
| mattermost | mattermost_server | >= 9.7.0 < 9.7.2 | 9.7.2 |