Assigner | Mattermost |
Reserved | 2024-05-23 |
Published | 2024-05-26 |
Updated | 2024-06-10 |
Description
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Problem types
CWE-284: Improper Access Control
Product status
9.5.0
9.6.0
8.1.0
9.7.0
9.5.4
9.6.2
8.1.13
Credits
Juho Nurminen
References
https://mattermost.com/security-updates