CVE-2024-5272

4.3 MEDIUM

📋 TL;DR

This vulnerability in Mattermost allows guest users on channels with linked playbook runs to view all details of those runs when marked as finished. It affects organizations using Mattermost with guest accounts and playbook functionality, potentially exposing sensitive operational information.

💻 Affected Systems

Products:
  • Mattermost
Versions: 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12
Operating Systems: All platforms running Mattermost
Default Config Vulnerable: ⚠️ Yes
Notes: Requires guest accounts enabled and playbook functionality with runs linked to channels.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Guest users could access sensitive playbook run details containing confidential operational data, internal processes, or security procedures.

🟠 Likely Case

Guest users unintentionally gain access to playbook run details they shouldn't see, potentially exposing internal workflows or sensitive information.

🟢 If Mitigated

Limited exposure with proper guest account controls and monitoring, but still represents an information disclosure risk.

🌐 Internet-Facing: MEDIUM - If Mattermost instance is internet-facing and guest accounts are enabled, external guests could exploit this.
🏢 Internal Only: MEDIUM - Internal guest users could access playbook details beyond their intended permissions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires guest account access to a channel with a linked playbook run that has been marked as finished.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.5.4, 9.6.2, 8.1.13 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Backup your Mattermost instance.
2. Download the patched version from Mattermost releases.
3. Stop the Mattermost service.
4. Apply the update.
5. Restart the Mattermost service.
6. Verify the version is updated.

🔧 Temporary Workarounds

Disable guest accounts (applies to: all)

Temporarily disable guest account functionality to prevent exploitation.

Edit config.json: set 'EnableGuestAccounts' to false

Restrict playbook run linking (applies to: all)

Prevent linking playbook runs to channels with guest users.

🧯 If You Can't Patch

  • Disable guest account functionality in Mattermost configuration
  • Implement strict access controls and monitoring for channels with linked playbook runs

🔍 How to Verify

Check if Vulnerable:

Check Mattermost version via System Console > About or run: mattermost version

Check Version:

mattermost version

Verify Fix Applied:

Verify the version is at or above the fixed build for its release branch (9.5.4, 9.6.2, or 8.1.13) and test that guest users cannot access playbook run details.
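Added example (not Mattermost's own code): a small Python check that applies the affected ranges from this advisory to a version string and reads the guest-account toggle from config.json to tell whether the workaround is in place. The config key path GuestAccountsSettings.Enable is an assumption; the sample config fragment is constructed.

```python
import json
from typing import Optional

# Fixed build per release branch, taken from this advisory. A version on one of
# these branches below the fixed build is affected; other branches are out of scope.
FIXED_BY_BRANCH = {(9, 5): (9, 5, 4), (9, 6): (9, 6, 2), (8, 1): (8, 1, 13)}

def parse_version(text: str) -> tuple:
    """Turn 'v9.5.3' or '9.5.3-rc1' into (9, 5, 3); suffixes after '-' are dropped."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable_version(version: str) -> Optional[bool]:
    """True if affected, False if fixed, None if the branch is not in the advisory."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    return None if fixed is None else v < fixed

def guest_accounts_enabled(config_json: str) -> bool:
    """Read the guest-account toggle from config.json text.
    Assumed key path: GuestAccountsSettings.Enable (the advisory calls it
    'EnableGuestAccounts'); adjust if your build stores it elsewhere."""
    cfg = json.loads(config_json)
    return bool(cfg.get("GuestAccountsSettings", {}).get("Enable", False))

def assess(version: str, config_json: str) -> str:
    """Defender-facing verdict combining the version and workaround checks."""
    vuln = is_vulnerable_version(version)
    if vuln is None:
        return "unknown branch: check the vendor advisory manually"
    if not vuln:
        return "patched"
    if guest_accounts_enabled(config_json):
        return "vulnerable: guest accounts enabled, exposure is live"
    return "vulnerable: workaround in place (guests disabled), patch still needed"

# Constructed sample config.json fragment, not from a real deployment.
SAMPLE_CONFIG = '{"GuestAccountsSettings": {"Enable": true}}'

if __name__ == "__main__":
    for ver in ("9.5.3", "9.5.4", "9.6.1", "8.1.12", "8.1.13", "9.7.0"):
        print(ver, "->", assess(ver, SAMPLE_CONFIG))
```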

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to playbook run endpoints by guest users
  • Webhook event logs showing 'custom_playbooks_playbook_run_updated' access

Network Indicators:

  • Increased API calls to playbook endpoints from guest accounts

SIEM Query:

source='mattermost' AND (event='custom_playbooks_playbook_run_updated' OR endpoint LIKE '%playbook%') AND user_role='guest'
