EUVD-2023-53776

Malicious code in bioql PyPI...

CVE-2023-49874

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to Mattermost's failure to check whether a user is a guest when updating the tasks of a private playbook run. It allows a guest to update the task of a private playbook run if they know the run ID...

CVE-2023-49874

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

CVE-2023-49874

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

Design/Logic Flaw

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

CVE-2023-49874

CVE-2023-49874 : Mattermost has an access-control flaw in the Playbooks feature where a guest can update tasks of a private playbook run if they know the run ID, due to insufficient verification of guest status. Affected software: Mattermost (Playbooks task-update flow). Root cause: lack of prope...

PT-2023-31401 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows a guest user to update tasks of a private playbook run if they know the run ID, due to a lack of proper user checks. Recommendations: At the moment, there is no...