Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
2024-02-09T15:15:08.547
2024-11-21T08:59:40.850
Modified
CVSSv3.1: 3.1 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mattermost | mattermost_server | ≤ 8.1.7 | Yes |