4 matches found
EUVD-2023-49610
Malicious code in bioql PyPI...
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316 Reflected client side path traversal leading to CSRF in Playbooks
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack...
CVE-2023-45316
Mattermost is affected by a path traversal CSRF vulnerability in the Playbooks telemetry endpoint. The issue arises from insufficient validation of a relative path passed to /plugins/playbooks/api/v0/telemetry/run/, enabling an attacker to craft a path traversal payload that points to a different...