3 matches found
CVE-2023-46701
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID...
CVE-2023-46701 Inaccessible Post Information Leak via Run Timeline IDOR
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID...
CVE-2023-46701
Summary (CVE-2023-46701): Mattermost’s Playbooks plugin has an authorization check failure in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint, allowing an attacker to access limited information about a post if they know the post ID. Concrete details across connected sources con...