CVE-2024-29215 Slash commands run in channel without channel membership via playbook task commands

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1, 8.1.x = 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command...

CVE-2024-29215

Mattermost Server vulnerability CVE-2024-29215: Improper access control in slash commands linked to playbook tasks allows a user to run a slash command in a channel they are not a member of. Affected versions: Mattermost 9.5.x up to 9.5.3; 9.7.x up to 9.7.1; 9.6.x up to 9.6.1; 8.1.x up to 8.1.12....