CVE-2023-46701

Summary

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.5affected
MattermostMattermost0 <= 9.0.3affected
MattermostMattermost0 <= 9.1.2affected
MattermostMattermost0 <= 9.2.1affected
MattermostMattermost9.2.2unaffected
MattermostMattermost8.1.6unaffected
MattermostMattermost9.0.4unaffected
MattermostMattermost9.1.3unaffected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References