{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "9.5.0"
              },
              {
                "fixed": "9.5.10"
              },
              {
                "introduced": "9.10.0"
              },
              {
                "fixed": "9.10.3"
              },
              {
                "introduced": "9.11.0"
              },
              {
                "fixed": "9.11.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.0.0-NA"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.0.0-rc1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.0.0-rc2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.0.0-rc3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.0.0-rc4"
              }
            ]
          },
          "events": [
            {
              "introduced": "99d819d25d0b16b3faed901b1fe5c41de7655e9c"
            },
            {
              "fixed": "4fdd366df05a110b843b3419002458bc3e5f135e"
            },
            {
              "introduced": "60c5bb46dfa8192efa5a13c746423f0e7696b8bc"
            },
            {
              "fixed": "49df0979aa1393fb3bb598dabf9c4bcc89f65244"
            },
            {
              "introduced": "0bc2ddd42375a75ab14e63f038165150d4f07659"
            },
            {
              "fixed": "cc5085e380c524570cce4dbad1795e4a1773fdf7"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2d83d21388f3111bffe4b1f63521b21d77ec2cef"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "665abfa0c315f1b91e0d87e73415c212e599e810"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d8d9751a5e5872f2b15985bb5d479c332903a75e"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d5f536de455fecd775d46813940e2e5a1e84595d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2d83d21388f3111bffe4b1f63521b21d77ec2cef"
            }
          ],
          "repo": "https://github.com/mattermost/mattermost-server",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Mattermost versions 9.10.x \u003c= 9.10.2, 9.11.x \u003c= 9.11.1, 9.5.x \u003c= 9.5.9 and 10.0.x \u003c= 10.0.0 fail to properly authorize the requests to /api/v4/channels  which allows a User or System Manager, with \"Read Groups\" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.",
  "id": "CVE-2024-42000",
  "modified": "2026-03-10T21:49:55.525032130Z",
  "published": "2024-11-09T18:15:14.993Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}