Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-12-12T08:19:22.274Z
Updated: 2023-12-12T08:19:22.274Z
Reserved: 2023-12-05T08:22:34.302Z
Link: CVE-2023-46701
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-12T09:15:08.180
Modified: 2023-12-14T18:07:27.107
Link: CVE-2023-46701
JSON object: View
Redhat Information
No data.