Lucene search
GoogleOSV:BIT-MATTERMOST-2023-46701HistoryMar 06, 2024 - 10:58 a.m.
BIT-mattermost-2023-46701
2024-03-0610:58:47
Google
osv.dev
5
mattermost
playbooks
authorization
vulnerability
endpoint
limited information
post id
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID
| CPE | Name | Operator | Version |
|---|---|---|---|
| mattermost | ge | 9.1.1 | |
| mattermost | lt | 9.1.2 | |
| mattermost | lt | 9.2.1 | |
| mattermost | lt | 9.0.3 | |
| mattermost | ge | 9.2.0 | |
| mattermost | lt | 8.1.5 | |
| mattermost | ge | 8.0.0 | |
| mattermost | ge | 9.0.0 | |
| mattermost | lt | 7.8.14 |
References
Related
prion
prion
Authorization
2023-12-12 09:15:00
osv
osv
CVE-2023-46701
2023-12-12 09:15:08
veracode
veracode
Authorization Bypass
2024-03-18 17:42:19
cve
cve
CVE-2023-46701
2023-12-12 09:15:08
cvelist
cvelist
CVE-2023-46701 Inaccessible Post Information Leak via Run Timeline IDOR
2023-12-12 08:19:22
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
15.9%
Related for OSV:BIT-MATTERMOST-2023-46701