Assigner | Mattermost
Reserved | 2024-05-23
Published | 2024-05-26
Updated | 2024-06-07
Description
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel, which allows members to link their runs to private channels they were not members of.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Problem types
CWE-284: Improper Access Control
Product status
9.5.0
9.6.0
8.1.0
9.7.0
9.5.4
9.6.2
8.1.13
Credits
BhaRat (hackit_bharat)
References
https://mattermost.com/security-updates