CVE-2024-29215 Information

Description

Mattermost versions 9.5.x <= 9.5.3 9.7.x <= 9.7.1 9.6.x <= 9.6.1 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command.

Reference

https://mattermost.com/security-updates