CVE-2023-6547
published 2023-12-12CVE-2023-6547: Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 8.1.5 | — |
| mattermost | mattermost_server | <= 8.1.5 | — |
| mattermost | mattermost_server | 9.2.0 – 9.2.1 | — |