Lucene search

[email protected]CVE-2023-6727

HistoryDec 12, 2023 - 11:15 a.m.

CVE-2023-6727

2023-12-1211:15:07

NVD-CWE-noinfo

CWE-200

[email protected]

web.nvd.nist.gov

mattermost

authorization

playbook

cve-2023-6727

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.

CPENameOperatorVersion
mattermost:mattermost_servermattermost mattermost serverle8.1.5
mattermost:mattermost_servermattermost mattermost servereq3.7.2
mattermost:mattermost_servermattermost mattermost servereq5.14.3
mattermost:mattermost_servermattermost mattermost servereq7.8.3
mattermost:mattermost_servermattermost mattermost servereq4.8.0
mattermost:mattermost_servermattermost mattermost servereq8.0.1
mattermost:mattermost_servermattermost mattermost servereq4.4.3
mattermost:mattermost_servermattermost mattermost servereq5.25.0
mattermost:mattermost_servermattermost mattermost servereq5.22.3
mattermost:mattermost_servermattermost mattermost servereq5.26.2

CPE	Name	Operator	Version
mattermost:mattermost_server	mattermost mattermost server	le	8.1.5
mattermost:mattermost_server	mattermost mattermost server	eq	3.7.2
mattermost:mattermost_server	mattermost mattermost server	eq	5.14.3
mattermost:mattermost_server	mattermost mattermost server	eq	7.8.3
mattermost:mattermost_server	mattermost mattermost server	eq	4.8.0
mattermost:mattermost_server	mattermost mattermost server	eq	8.0.1
mattermost:mattermost_server	mattermost mattermost server	eq	4.4.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.25.0
mattermost:mattermost_server	mattermost mattermost server	eq	5.22.3
mattermost:mattermost_server	mattermost mattermost server	eq	5.26.2

Rows per page:

1-10 of 3741

References

mattermost.com/security-updates

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-6727

osv2 prion1 veracode1 cvelist1