Lucene search

[email protected]CVE-2023-46701

HistoryDec 12, 2023 - 9:15 a.m.

CVE-2023-46701

2023-12-1209:15:08

CWE-639

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023-46701

mattermost

authorization checks

playbooks plugin

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.9%

JSON

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

CPENameOperatorVersion
mattermost:mattermost_servermattermost mattermost serverle7.8.14
mattermost:mattermost_servermattermost mattermost servereq3.7.2
mattermost:mattermost_servermattermost mattermost servereq5.14.3
mattermost:mattermost_servermattermost mattermost servereq7.8.3
mattermost:mattermost_servermattermost mattermost servereq4.8.0
mattermost:mattermost_servermattermost mattermost servereq4.4.3
mattermost:mattermost_servermattermost mattermost servereq5.25.0
mattermost:mattermost_servermattermost mattermost servereq5.22.3
mattermost:mattermost_servermattermost mattermost servereq5.26.2
mattermost:mattermost_servermattermost mattermost servereq5.29.0

CPE	Name	Operator	Version
mattermost:mattermost_server	mattermost mattermost server	le	7.8.14
mattermost:mattermost_server	mattermost mattermost server	eq	3.7.2
mattermost:mattermost_server	mattermost mattermost server	eq	5.14.3
mattermost:mattermost_server	mattermost mattermost server	eq	7.8.3
mattermost:mattermost_server	mattermost mattermost server	eq	4.8.0
mattermost:mattermost_server	mattermost mattermost server	eq	4.4.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.25.0
mattermost:mattermost_server	mattermost mattermost server	eq	5.22.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.26.2
mattermost:mattermost_server	mattermost mattermost server	eq	5.29.0

Rows per page:

1-10 of 3701

References

mattermost.com/security-updates

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.9%

JSON

Related for CVE-2023-46701

prion1 osv2 cvelist1 veracode1