Lucene search
PRIOn knowledge basePRION:CVE-2023-2791HistoryJun 16, 2023 - 9:15 a.m.
Code injection
2023-06-1609:15:00
PRIOn knowledge base
www.prio-n.com
5
code injection
mattermost
api
authenticated attacker
arbitrary channel post
security vulnerability
nvd
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mattermost | ge | 7.7.0 | |
| mattermost | le | 7.7.3 | |
| mattermost | ge | 7.8.0 | |
| mattermost | le | 7.8.2 | |
| mattermost | ge | 7.9.0 | |
| mattermost | le | 7.9.1 | |
| mattermost | eq | 7.10.0 |
References
Related
nvd
nvd
CVE-2023-2791
2023-06-16 09:15:10
osv
osv
CVE-2023-2791
2023-06-16 09:15:10
cvelist
cvelist
CVE-2023-2791 Playbooks lets you edit arbitrary posts
2023-06-16 08:59:16
cve
cve
CVE-2023-2791
2023-06-16 09:15:10
veracode
veracode
Missing Authorization
2023-06-28 04:44:34