Description

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

Related CPE's

a

mattermost

mattermost

3

References

https://mattermost.com/security-updates

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-862

[email protected]

Secondary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-11T07:15:09.853

11 months ago

Last modified

2023-08-15T20:37:02.983

11 months ago