CVE-2024-4195 Information

Description

Mattermost versions 9.6.0 9.5.x before 9.5.3 and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.

Reference

https://mattermost.com/security-updates