Lucene search

GoogleOSV:CVE-2023-27264

HistoryFeb 27, 2023 - 3:15 p.m.

CVE-2023-27264

2023-02-2715:15:11

Google

osv.dev

mattermost

playbooks

permissions check

api

modification

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.

CPENameOperatorVersion
mattermost-servereqcloud-2022-06-29-1
mattermost-servereq1.1.0
mattermost-servereq5.0.0
mattermost-servereq3.0.0
mattermost-servereq7.1.1
mattermost-servereq5.0.0-rc3
mattermost-servereq7.1.3
mattermost-servereq4.6.0-rc4
mattermost-servereqcloud-2022-10-27-1
mattermost-servereq5.0.1-rc1

Name	Operator	Version
mattermost-server	eq	cloud-2022-06-29-1
mattermost-server	eq	1.1.0
mattermost-server	eq	5.0.0
mattermost-server	eq	3.0.0
mattermost-server	eq	7.1.1
mattermost-server	eq	5.0.0-rc3
mattermost-server	eq	7.1.3
mattermost-server	eq	4.6.0-rc4
mattermost-server	eq	cloud-2022-10-27-1
mattermost-server	eq	5.0.1-rc1

Rows per page:

1-10 of 1351

References

mattermost.com/security-updates/

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for OSV:CVE-2023-27264