CVE-2025-46702 (GCVE-0-2025-46702)
Vulnerability from cvelistv5 – Published: 2025-06-30 16:51 – Updated: 2025-06-30 20:49
VLAI?
Title
Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management
Summary
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges.
Severity ?
5.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.5
(semver)
Affected: 9.11.0 , ≤ 9.11.15 (semver) Affected: 10.8.0 Affected: 10.7.0 , ≤ 10.7.2 (semver) Affected: 10.6.0 , ≤ 10.6.5 (semver) Unaffected: 10.9.0 Unaffected: 10.5.6 Unaffected: 9.11.16 Unaffected: 10.8.1 Unaffected: 10.7.3 Unaffected: 10.6.6 |
Credits
mrhashimamin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T20:48:59.862312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T20:49:08.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.5",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.15",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"lessThanOrEqual": "10.7.2",
"status": "affected",
"version": "10.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.6.5",
"status": "affected",
"version": "10.6.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.9.0"
},
{
"status": "unaffected",
"version": "10.5.6"
},
{
"status": "unaffected",
"version": "9.11.16"
},
{
"status": "unaffected",
"version": "10.8.1"
},
{
"status": "unaffected",
"version": "10.7.3"
},
{
"status": "unaffected",
"version": "10.6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "mrhashimamin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.5.x \u0026lt;= 10.5.5, 9.11.x \u0026lt;= 9.11.15, 10.8.x \u0026lt;= 10.8.0, 10.7.x \u0026lt;= 10.7.2, 10.6.x \u0026lt;= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the \u0027Manage Members\u0027 permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.5.x \u003c= 10.5.5, 9.11.x \u003c= 9.11.15, 10.8.x \u003c= 10.8.0, 10.7.x \u003c= 10.7.2, 10.6.x \u003c= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the \u0027Manage Members\u0027 permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T16:51:13.440Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.9.0, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.9.0, 10.5.6, 9.11.16, 10.8.1, 10.7.3, 10.6.6 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00446",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62690"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-46702",
"datePublished": "2025-06-30T16:51:13.440Z",
"dateReserved": "2025-05-23T09:42:12.028Z",
"dateUpdated": "2025-06-30T20:49:08.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…