Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-05-26T13:33:41.791Z
Updated: 2024-08-02T01:10:54.568Z
Reserved: 2024-05-23T10:57:59.897Z
Link: CVE-2024-29215
Vulnrichment
Updated: 2024-08-02T01:10:54.568Z
NVD
Status : Awaiting Analysis
Published: 2024-05-26T14:15:08.627
Modified: 2024-05-28T12:39:42.673
Link: CVE-2024-29215
Redhat
No data.