Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-05-26T13:28:16.722Z
Updated: 2024-09-03T16:03:29.404Z
Reserved: 2024-05-23T10:57:59.911Z
Link: CVE-2024-34152
Vulnrichment
Updated: 2024-08-02T02:51:11.224Z
NVD
Status : Awaiting Analysis
Published: 2024-05-26T14:15:09.607
Modified: 2024-05-28T12:39:28.377
Link: CVE-2024-34152
Redhat
No data.