Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 4.3 Go

Mattermost allows an unauthorized Guest user access to Playbook

GHSA-4578-6gjh-f2jm · CVE-2025-3228 · GO-2025-3771

Published · Modified

Description

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes