Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Aug 2, 2024
IDOR when updating the tasks of a private playbook run
CVE-2023-49874
Description
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.