Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mattermost mattermost server |