CVE-2023-46701
12.12.2023, 09:15
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID.
Vendor | Product | Version |
---|---|---|
mattermost | mattermost_server | 𝑥 ≤ 7.8.14 |
mattermost | mattermost_server | 8.0.0 ≤ 𝑥 ≤ 8.1.5 |
mattermost | mattermost_server | 9.0.0 ≤ 𝑥 ≤ 9.0.3 |
mattermost | mattermost_server | 9.1.1 ≤ 𝑥 ≤ 9.1.2 |
mattermost | mattermost_server | 9.2.0 ≤ 𝑥 ≤ 9.2.1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-639 - Authorization Bypass Through User-Controlled Key: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.