CVE-2023-46701
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mattermost | Mattermost | 0 <= 8.1.5 | affected |
| Mattermost | Mattermost | 0 <= 9.0.3 | affected |
| Mattermost | Mattermost | 0 <= 9.1.2 | affected |
| Mattermost | Mattermost | 0 <= 9.2.1 | affected |
| Mattermost | Mattermost | 9.2.2 | unaffected |
| Mattermost | Mattermost | 8.1.6 | unaffected |
| Mattermost | Mattermost | 9.0.4 | unaffected |
| Mattermost | Mattermost | 9.1.3 | unaffected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.