Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-12-12T10:53:02.127Z
Updated: 2023-12-12T10:53:02.127Z
Reserved: 2023-12-12T10:48:31.631Z
Link: CVE-2023-6727
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-12T11:15:07.140
Modified: 2023-12-15T14:43:08.920
Link: CVE-2023-6727
JSON object: View
Redhat Information
No data.