Описание
Mattermost fails to verify run_create permission for empty playbookId
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542
Пакеты
Наименование
github.com/mattermost/mattermost-plugin-playbooks
go
Затронутые версииВерсия исправления
< 1.41.1-0.20260316224925-705f54a81841
1.41.1-0.20260316224925-705f54a81841
Связанные уязвимости
CVSS3: 4.3
nvd
14 дней назад
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542
CVSS3: 4.3
debian
14 дней назад
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify ...