Podatność CVE-2023-45316


Publikacja: 2023-12-12   Modyfikacja: 2023-12-14

Opis:
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.

Typ:

CWE-352

(Cross-Site Request Forgery (CSRF))

Affected software
Mattermost -> Mattermost server 

 Referencje:
https://mattermost.com/security-updates

Copyright 2024, cxsecurity.com

 

Back to Top