GHSA-r833-w756-h5p2, CVE-2024-24776
go/github.com/mattermost/mattermost/server/v8
Improper Access Control
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
All versions before 8.1.8, all versions starting from 9.0.0 before 9.3.0
Upgrade to versions 8.1.8, 9.3.0 or above.
2024-02-20
source |