{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T15:23:38.786","vulnerabilities":[{"cve":{"id":"CVE-2024-42000","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2024-11-09T18:15:14.993","lastModified":"2024-11-14T16:48:30.013","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize requests to /api/v4/channels, which allows a User or System Manager with \"Read Groups\" permission but no access to channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels."},{"lang":"es","value":"Las versiones de Mattermost 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 y 10.0.x <= 10.0.0 no autorizan correctamente las solicitudes a /api/v4/channels, lo que permite que un usuario o administrador del sistema, con permiso de \"Leer grupos\" pero sin acceso a canales, recupere detalles sobre canales privados de los que no era miembro enviando una solicitud a 
/api/v4/channels."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5.0","versionEndExcluding":"9.5.10","matchCriteriaId":"E022FB98-95D6-4F82-9A9F-0C320633E64D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.10.0","versionEndExcluding":"9.10.3","matchCriteriaId":"6E2037E9-B6B2-4764-A5C9-5006DCF34E94"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndExcluding":"9.11.2","matchCriteriaId":"5F0D9909-E2B9-41B3-93F7-6C666434FE7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.0.0:-:*:*:*:*:*:*","matchCriteriaId":"D08969BB-2AE8-4583-8205-F39C44039955"},{"vulner
able":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"07AF48D9-3CA9-4D3F-9F2E-975858205BA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"23737B5A-A878-46FA-9261-CF87246DF759"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"CF95680E-B893-42E4-A639-D9753E1C85E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.0.0:rc4:*:*:*:*:*:*","matchCriteriaId":"594BC592-4333-4BC4-8868-091001AB5E36"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}