GHSA-r833-w756-h5p2

Source
https://github.com/advisories/GHSA-r833-w756-h5p2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-r833-w756-h5p2/GHSA-r833-w756-h5p2.json
Aliases
Published
2024-02-09T15:31:27Z
Modified
2024-02-16T08:26:20.558927Z
Details

Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

References

Affected packages

Go / github.com/mattermost/mattermost/server/v8

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
8.1.8

Go / github.com/mattermost/mattermost/server/v8

Affected ranges

Type
SEMVER
Events
Introduced
9.0.0
Fixed
9.3.0