CVE-2024-5272

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked as finished.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Mattermost | CNA | 4.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score percentile: 42%

| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 8.1.0 ≤ 𝑥 < 8.1.13 |
| mattermost | mattermost_server | 9.5.0 ≤ 𝑥 < 9.5.4 |
| mattermost | mattermost_server | 9.6.0 ≤ 𝑥 < 9.6.2 |

𝑥 = Vulnerable software versions