PT-2026-41658 · Mattermost · Mattermost
0X7Oda7123 · Published 2026-05-18 · Updated 2026-05-18
CVE-2026-6343 · CVSS v3.1 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.0 through 10.11.13
Mattermost versions 11.4.0 through 11.4.3
Mattermost versions 11.5.0 through 11.5.1
Description
Mattermost does not properly verify the permission that governs access to public and private playbooks. As a result, an authenticated member who lacks that permission can still retrieve public playbooks through the '/get' endpoint. This matches the CVSS vector: the attacker needs only a low-privileged account (PR:L) and no user interaction, and the impact is limited to disclosure of playbook contents (C:L), with no integrity or availability impact.
Recommendations
Update Mattermost versions 10.11.0 through 10.11.13 to a version newer than 10.11.13.
Update Mattermost versions 11.4.0 through 11.4.3 to a version newer than 11.4.3.
Update Mattermost versions 11.5.0 through 11.5.1 to a version newer than 11.5.1.
Until the update is applied, restrict access to the '/get' endpoint (for example at the reverse proxy in front of Mattermost) so that only users entitled to the playbooks can reach it. This is a stopgap only: it limits exposure but does not restore the missing authorization check.
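As an added practitioner check (not part of this advisory and not Mattermost's own tooling): the Python helper below classifies a reported server version against the three affected ranges listed above, distinguishing a patched release on a listed branch from a branch the advisory does not mention. The client-config JSON is a constructed sample; reading the version from the 'Version' field of GET /api/v4/config/client?format=old is an assumption about the Mattermost API made here, not something the advisory states.

```python
"""Check a reported Mattermost version against the affected ranges in this advisory.

Added example, not part of the advisory or of Mattermost's own tooling.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the advisory; both ends are inclusive.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((10, 11, 0), (10, 11, 13)),
    ((11, 4, 0), (11, 4, 3)),
    ((11, 5, 0), (11, 5, 1)),
)

# Constructed sample of the JSON a Mattermost server is assumed to return from
# GET /api/v4/config/client?format=old (assumption, not taken from the advisory).
SAMPLE_CLIENT_CONFIG = '{"Version": "11.5.1", "BuildNumber": "11.5.1", "SiteName": "example"}'


def parse_version(text: str) -> Optional[Version]:
    """Extract the leading major.minor.patch triple from strings such as
    '11.5.1', 'v10.11.13-rc2' or a build string; None if no triple is present."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(version: str) -> str:
    """Return 'affected', 'patched' (same release branch but above the listed
    range), 'unlisted' (a branch the advisory does not mention) or 'unparseable'."""
    v = parse_version(version)
    if v is None:
        return "unparseable"
    for lo, hi in AFFECTED_RANGES:
        if v[:2] == lo[:2]:  # same major.minor release branch
            return "affected" if lo <= v <= hi else "patched"
    return "unlisted"


def is_affected(version: str) -> bool:
    """True only when the version falls inside one of the listed ranges."""
    return classify(version) == "affected"


def version_from_client_config(body: str) -> str:
    """Pull the server version out of a client-config JSON body (assumed 'Version' key)."""
    return json.loads(body)["Version"]


if __name__ == "__main__":
    for v in ("11.5.1", "11.5.2", "10.11.13", "10.11.14", "11.4.0", "11.6.0", "n/a"):
        print(f"{v:>9}: {classify(v)}")
    print("sample config:", classify(version_from_client_config(SAMPLE_CLIENT_CONFIG)))
```

An 'unlisted' result (for example a branch newer than 11.5) means the advisory simply does not cover that branch; treat it as "check the vendor release notes", not as confirmation that the server is unaffected.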
Weakness Enumeration
Incorrect Authorization (CWE-863)
Related Identifiers
CVE-2026-6343
Affected Products
Mattermost