3 matches found
CVE-2024-5272
The CVE-2024-5272 issue is an Improper Access Control in Mattermost where the audience of the custom_playbooks_playbook_run_updated webhook is not restricted. A guest in a channel with a linked playbook run can view all details of the playbook run once it is marked as finished. Affected versions ...
CVE-2024-5272 Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated"
Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1, 8.1.x = 8.1.12 fail to restrict the audience of the "customplaybooksplaybookrunupdated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by finished...
PT-2024-35417 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Description: The issue is related to the "custom playbooks playbook run updated" webhook event, where guests on a channel...