Vulnerability CVE-2023-49874
Published: 2023-12-12   Modified: 2023-12-14

Description:
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.

Type:

CWE-noinfo

Affected software
Mattermost -> Mattermost server 

 References:
https://mattermost.com/security-updates
Copyright 2024, cxsecurity.com

 

Back to Top