Lucene search

GoogleOSV:BIT-MATTERMOST-2023-46701

HistoryMar 06, 2024 - 10:58 a.m.

BIT-mattermost-2023-46701

2024-03-0610:58:47

Google

osv.dev

mattermost

playbooks

authorization

vulnerability

endpoint

limited information

post id

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID

CPENameOperatorVersion
mattermostge9.2.0
mattermostge8.0.0
mattermostge9.1.1
mattermostlt9.2.1
mattermostlt8.1.5
mattermostlt9.1.2
mattermostge9.0.0
mattermostlt7.8.14
mattermostlt9.0.3

Name	Operator	Version
mattermost	ge	9.2.0
mattermost	ge	8.0.0
mattermost	ge	9.1.1
mattermost	lt	9.2.1
mattermost	lt	8.1.5
mattermost	lt	9.1.2
mattermost	ge	9.0.0
mattermost	lt	7.8.14
mattermost	lt	9.0.3

References

mattermost.com/security-updates

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for OSV:BIT-MATTERMOST-2023-46701