CVE-2024-23493

🗓️ 29 Feb 2024 08:02:32Reported by MattermostType

Mattermost fails to properly authorize fetching AD/LDAP groups

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2024-23493	29 Feb 202409:26	–	circl
CNNVD	Mattermost Security Vulnerabilities	29 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-23493 Team associated AD/LDAP Groups Leaked due to missing authorization	29 Feb 202408:02	–	cvelist
EUVD	EUVD-2024-0563	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost leaks details of AD/LDAP groups of a teams	29 Feb 202409:30	–	github
NVD	CVE-2024-23493	29 Feb 202408:15	–	nvd
OSV	BIT-MATTERMOST-2024-23493	11 Jan 202507:15	–	osv
OSV	CGA-2WP6-CR3W-32F2	25 Sep 202402:09	–	osv
OSV	CGA-G8W9-CFHM-6XX9	15 Jul 202421:58	–	osv
OSV	CGA-GVHX-FGCW-F546	24 Jun 202414:34	–	osv

NVD

Node

mattermost mattermost_serverRange<8.1.9

mattermost mattermost_serverRange9.0.0–9.2.5

mattermost mattermost_serverRange9.4.0–9.4.2

mattermost mattermost_serverMatch9.3.0-

mattermost mattermost_serverMatch9.3.0rc1

mattermost mattermost_serverMatch9.3.0rc2

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.5.0"
      },
      {
        "status": "unaffected",
        "version": "9.4.2"
      },
      {
        "status": "unaffected",
        "version": "9.3.1"
      },
      {
        "status": "unaffected",
        "version": "9.2.5"
      },
      {
        "status": "unaffected",
        "version": "8.1.9"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

10 Jan 2025 15:34Current

4.3Medium risk

Vulners AI Score4.3

CVSS 3.14.3 - 6.5

EPSS0.00158

SSVC

mattermost ad ldap authorization security vulnerability