Lucene search
K

6 matches found

EUVD
EUVD
added 2026/05/21 7:13 a.m.11 views

EUVD-2026-31221

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 6:16 p.m.5 views

GO-2026-4812 Mattermost fails to verify run_create permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks

Mattermost fails to verify runcreate permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/16 10:48 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the playbook run API when the runcreate permission is not verified for an empty playbookId. An attacker can initiate unauthorized playbook runs by sending crafted API requests. Remediation Upgrade...

5.3CVSS5.8AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 9:34 p.m.4 views

GHSA-4PMX-622H-X359 Mattermost fails to verify run_create permission for empty playbookId

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/16 9:34 p.m.13 views

Mattermost fails to verify run_create permission for empty playbookId

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/16 8:16 p.m.5 views

CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS0.00159EPSS
Exploits0References1
Rows per page
Query Builder