5 matches found
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316
creationtimestamp| type| source ---|---|--- 2024-01-02 10:07:00+00:00| seen| https://t.me/ctinow/161639 2025-05-24 10:44:59+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17483...
CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316
Mattermost is affected by a path traversal CSRF vulnerability in the Playbooks telemetry endpoint. The issue arises from insufficient validation of a relative path passed to /plugins/playbooks/api/v0/telemetry/run/, enabling an attacker to craft a path traversal payload that points to a different...