Lucene search

GoogleOSV:CVE-2023-46701

HistoryDec 12, 2023 - 9:15 a.m.

CVE-2023-46701

2023-12-1209:15:08

Google

osv.dev

mattermost

playbooks

plugin

authorization

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

CPENameOperatorVersion
mattermosteq9.1.1-rc1
mattermosteq9.1.2-rc1
mattermosteq9.0.1
mattermosteq9.0.3
mattermosteq9.1.2
mattermosteq9.0.1-rc1
mattermosteq9.0.3-rc1
mattermosteq9.1.1
mattermosteq9.2.0-rc2
mattermosteq9.0.2-rc1

Name	Operator	Version
mattermost	eq	9.1.1-rc1
mattermost	eq	9.1.2-rc1
mattermost	eq	9.0.1
mattermost	eq	9.0.3
mattermost	eq	9.1.2
mattermost	eq	9.0.1-rc1
mattermost	eq	9.0.3-rc1
mattermost	eq	9.1.1
mattermost	eq	9.2.0-rc2
mattermost	eq	9.0.2-rc1

Rows per page:

1-10 of 191

References

mattermost.com/security-updates

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for OSV:CVE-2023-46701