Cross-site Request Forgery (CSRF)
Mattermost is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to a failure to validate post actions properly, allowing an attacker to run a playbook checklist task command as another user by creating and sharing a deceptive post action that unexpectedly runs a slash comman...
CVE-2024-36255
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...
CVE-2024-36255 Post actions can run playbook checklist task commands
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...
CVE-2024-36255
Mattermost CVE-2024-36255 involves improper input validation on post actions in affected releases, enabling an attacker to execute a playbook checklist task command as another user by crafting a deceptive post action that unexpectedly runs a slash command in an arbitrary channel. Affected version...
CVE-2024-36255 Post actions can run playbook checklist task commands
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...