Lucene search

[email protected]NVD:CVE-2023-6727

HistoryDec 12, 2023 - 11:15 a.m.

CVE-2023-6727

2023-12-1211:15:07

CWE-200

[email protected]

web.nvd.nist.gov

mattermost

authorization

playbook

vulnerability

authorization checks

playbook action

channel

keywords

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.0%

JSON

Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.

Affected configurations

Nvd

Node

mattermostmattermost_serverRange≤8.1.5

mattermostmattermost_serverRange9.2.0–9.2.1

VendorProductVersionCPE
mattermostmattermost_server*cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mattermost	mattermost_server	*	cpe:2.3:a:mattermost:mattermost_server::::::::

References

mattermost.com/security-updates

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2023-6727

osv2 cvelist1 veracode1 prion1 cve1