5 matches found
CVE-2025-3228
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...
PT-2024-24246 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12; Mattermost versions 9.5.x through 9.5.3; Mattermost versions 9.6.x through 9.6.1. Description: The issue is related to improper authorization checks. This allows a member running a playbook in an existin...
JumpServer security vulnerability
JumpServer is an open source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. A security vulnerability exists in JumpServer versions prior to v3.10.6: if an authorized attacker manages to learn the playbookid of another user, they can gai...
CVE-2023-6547
Mattermost is affected by CVE-2023-6547, where a flaw in access control allows a user who has permissions to a specific playbook but not to its hosting team to view/modify the playbook. The root cause is the system failing to validate team membership when accessing a playbook, which can occur if ...
PT-2023-32691 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: The issue arises from a failure to validate team membership when a user attempts to access a playbook. This allows a user with permissions to a playbook but no permissions to the team th...