MEDIUM 4.3

GHSA-6cfr-wp44-6qmv

Mattermost has an Incorrect Authorization issue

상세

Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request. Mattermost Advisory ID: MMSA-2026-00629.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/mattermost/mattermost/server/v8

최초 영향 버전: 8.0.0-20260304132957-9f2616376582 수정 버전: 8.0.0-20260320113102-f2b3d1c6a945

수정 go get github.com/mattermost/mattermost/server/v8@v8.0.0-20260320113102-f2b3d1c6a945

참고

https://nvd.nist.gov/vuln/detail/CVE-2026-4055 [ADVISORY]
https://github.com/mattermost/mattermost [PACKAGE]
https://mattermost.com/security-updates [WEB]