| Summary | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. |
|---|---|
| Publication Date | April 26, 2024, 6:15 p.m. |
| Registration Date | April 26, 2024, 8 p.m. |
| Last Update | April 26, 2024, 6:15 p.m. |