Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-12-12T08:23:17.299Z
Updated: 2023-12-12T08:23:17.299Z
Reserved: 2023-12-05T08:22:34.306Z
Link: CVE-2023-45316
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-12T09:15:07.740
Modified: 2023-12-14T18:58:08.837
Link: CVE-2023-45316
JSON object: View
Redhat Information
No data.