Description

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

Related CPE's

a

mattermost

mattermost

3

References

https://mattermost.com/security-updates

Vendor Advisory

https://mattermost.com/security-updates

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-862

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-11T05:15:09.853Z

2 years ago

Last modified

2024-11-21T07:34:24.353Z

1 year ago