CVE-2024-34029

🗓️ 26 May 2024 13:27:27Reported by MattermostType

cve🔗 web.nvd.nist.gov👁 93 Views🌐 WEB

Mattermost authorization check vulnerabilit

Reporter	Title	Published	Views	Family All 8
CNNVD	Mattermost 安全漏洞	26 May 202400:00	–	cnnvd
CNVD	Mattermost Server Security Bypass Vulnerability	28 May 202400:00	–	cnvd
Cvelist	CVE-2024-34029 AD/LDAP Group Members Leak	26 May 202413:27	–	cvelist
EUVD	EUVD-2024-34599	3 Oct 202520:07	–	euvd
NVD	CVE-2024-34029	26 May 202414:15	–	nvd
RedhatCVE	CVE-2024-34029	9 Jan 202609:05	–	redhatcve
Veracode	Exposure Of Sensitive Information To An Unauthorized Actor	28 May 202408:54	–	veracode
Vulnrichment	CVE-2024-34029 AD/LDAP Group Members Leak	26 May 202413:27	–	vulnrichment

NVD

Node

mattermost mattermost_serverRange8.1.0–8.1.13

mattermost mattermost_serverRange9.5.0–9.5.4

mattermost mattermost_serverRange9.7.0–9.7.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.5.3",
        "status": "affected",
        "version": "9.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.7.1",
        "status": "affected",
        "version": "9.7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.12",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "9.8.0"
      },
      {
        "status": "unaffected",
        "version": "9.5.4"
      },
      {
        "status": "unaffected",
        "version": "9.7.2"
      },
      {
        "status": "unaffected",
        "version": "8.1.13"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

Parameter	Position	Path	Description	CWE
group-id	path	/api/v4/groups/<group-id>/channels/<channel-id>/link	Missing authorization check to prevent access to linked AD/LDAP group members when linking a group to a channel.	CWE-200
channel-id	path	/api/v4/groups/<group-id>/channels/<channel-id>/link	Missing authorization check to prevent access to linked AD/LDAP group members when linking a group to a channel.	CWE-200

30 Sep 2025 15:26Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.14.3

EPSS0.00422

SSVC

CWE-200