3 matches found
CVE-2023-6727
Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, lik...
CVE-2023-6727 Leak Inaccessible Playbook Information via Channel Action IDOR
Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, lik...
CVE-2023-6727
Mattermost CVE-2023-6727 describes an authorization flaw in the playbooks feature where creating a playbook action can be performed by users without playbook access. The flaw can lead to leakage of sensitive playbook information (e.g., the playbook name) when actions are configured to post messag...