CVE-2023-49874
CVE-2023-49874 : Mattermost has an access-control flaw in the Playbooks feature where a guest can update tasks of a private playbook run if they know the run ID, due to insufficient verification of guest status. Affected software: Mattermost (Playbooks task-update flow). Root cause: lack of prope...