CVE-2024-34029

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published May 26, 2024

Updated: May 28, 2024

CWE ID 200

Summary

CVE-2024-34029 is a vulnerability affecting Mattermost versions 9.5.x up to 9.5.3, 9.7.x up to 9.7.1, and 8.1.x up to 8.1.12. The issue lies in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint where authorization checks are insufficient. This flaw enables users to access the members of an Active Directory/Lightweight Directory Access Protocol (AD/LDAP) group linked to a team, even if they have no access to the team itself. The vulnerability could potentially lead to unauthorized access to sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wEzIa4
https://www.cve.org/CVERecord?id=CVE-2024-34029
https://nvd.nist.gov/vuln/detail/CVE-2024-34029

Back to Vulnerability Database

CVE-2024-34029

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations