Podatność CVE-2023-46701
Publikacja: 2023-12-12   Modyfikacja: 2023-12-14

Opis:
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

Typ:

CWE-639

 (Authorization Bypass Through User-Controlled Key)

Affected software
Mattermost -> Mattermost server 

 Referencje:
https://mattermost.com/security-updates
Copyright 2024, cxsecurity.com

 

Back to Top