3 matches found
CVE-2023-2784 Apps Framework allows install requests from regular members via an internal path
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing install requests to the Apps allowing a regular user send install requests to the Apps...
CVE-2023-2784 Apps Framework allows install requests from regular members via an internal path
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing install requests to the Apps allowing a regular user send install requests to the Apps...
CVE-2023-2784
Mattermost suffers from an authorization issue in the Apps install flow: the server does not verify whether the requestor is a sysadmin before accepting install requests to Apps, enabling regular users to initiate installation via the Apps API endpoint. This is documented across multiple sources ...