Lucene search
CVE-2023-27264
A missing permissions check in Mattermost Playbooks allows an attacker to modify playbooks via API
Show more
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | CVE-2023-27264 IDOR: Updating a playbook via the Playbooks API | 27 Feb 202314:46 | – | cvelist |
 | CVE-2023-27264 | 27 Feb 202315:15 | – | nvd |
 | CVE-2023-27264 | 27 Feb 202315:15 | – | osv |
 | Design/Logic Flaw | 27 Feb 202315:15 | – | prion |
 | CVE-2023-27264 IDOR: Updating a playbook via the Playbooks API | 27 Feb 202314:46 | – | vulnrichment |
Node
OROROR
[
{
"defaultStatus": "unaffected",
"modules": [
"Playbooks"
],
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]| Source | Link |
|---|---|
| mattermost | www.mattermost.com/security-updates/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| playbookID | path | /plugins/playbooks/api/v0/playbooks/[playbookID] | Missing permissions check allows unauthorized modification of a playbook. | CWE-862 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo27 Feb 2023 15:15Current
6.5Medium risk
Vulners AI Score6.5
CVSS36.5 - 7.1
EPSS0.0004
SSVC