CVE-2024-24776: Improper Access Control

February 9, 2024 (updated February 19, 2024)

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

References

github.com/advisories/GHSA-r833-w756-h5p2
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2024-24776

Code Behaviors & Features

Detect and mitigate CVE-2024-24776 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →