When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CPE | Name | Operator | Version |
---|---|---|---|
mattermost | ge | 7.7.0 | |
mattermost | le | 7.7.3 | |
mattermost | ge | 7.8.0 | |
mattermost | le | 7.8.2 | |
mattermost | ge | 7.9.0 | |
mattermost | le | 7.9.1 | |
mattermost | eq | 7.10.0 |