CVE-2023-49874 Information

Description

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID.

Reference

https://mattermost.com/security-updates