Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks. CreditsEva SarafianouReferenceshttps://mattermost.com/security-updates