CVE-2024-23493 – Team associated AD/LDAP Groups Leaked due to missing authorization

https://notcve.org/view.php?id=CVE-2024-23493

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. Mattermost no autoriza adecuadamente las solicitudes que buscan grupos AD/LDAP asociados al equipo, lo que permite a un usuario obtener detalles de los grupos AD/LDAP de un equipo del que no es miembro. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •