Lucene search
+L

32 matches found

OSV
OSV
added 2026/03/23 6:16 p.m.6 views

GO-2026-4812 Mattermost fails to verify run_create permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks

Mattermost fails to verify runcreate permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-24659

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00706EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-24843

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.0056EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-50887

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-31042

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00502EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-51398

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00726EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/30 4:51 p.m.2 views

CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS6.5AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/30 4:51 p.m.20 views

CVE-2025-46702 Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...

5.4CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/30 4:51 p.m.20 views

CVE-2025-47871 Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...

4.3CVSS0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.5 views

CVE-2023-27264

A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...

7.1CVSS6.8AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:48 a.m.5 views

CVE-2022-4019

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints...

6.5CVSS6.5AI score0.00726EPSS
Exploits0References1
OSV
OSV
added 2025/04/24 6:14 p.m.17 views

GO-2025-3644 Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

4.3CVSS6.7AI score0.00244EPSS
Exploits0References5
OSV
OSV
added 2025/04/24 6:14 p.m.16 views

GO-2025-3643 Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

7.5CVSS6.7AI score0.00345EPSS
Exploits0References5
OSV
OSV
added 2025/04/24 6:14 p.m.18 views

GO-2025-3642 Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks

Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...

7.5CVSS6.7AI score0.00428EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/04/24 9:30 a.m.24 views

Mattermost Playbooks fails to properly validate permissions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

4.3CVSS6.8AI score0.00244EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/04/24 9:30 a.m.24 views

Mattermost Playbooks fails to validate the uniqueness and quantity of task actions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

7.5CVSS6.7AI score0.00345EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2025/04/24 9:30 a.m.18 views

Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...

7.5CVSS6.7AI score0.00428EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2025/04/24 6:50 a.m.11 views

CVE-2025-41423 Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

3.1CVSS6.9AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 6:50 a.m.37 views

CVE-2025-41423 Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

3.1CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/12 8:23 a.m.4 views

CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...

7.3CVSS6.7AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder