Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-12-12T08:22:41.419Z
Updated: 2023-12-12T08:22:41.419Z
Reserved: 2023-12-06T08:47:19.482Z
Link: CVE-2023-6547
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-12T09:15:09.857
Modified: 2023-12-14T19:31:10.497
Link: CVE-2023-6547
JSON object: View
Redhat Information
No data.
CWE