A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-02-27T14:44:52.790Z
Updated: 2024-12-06T23:07:00.432Z
Reserved: 2023-02-27T14:31:01.786Z
Link: CVE-2023-27263
Vulnrichment
Updated: 2024-08-02T12:09:43.394Z
NVD
Status : Modified
Published: 2023-02-27T15:15:11.837
Modified: 2024-11-21T07:52:33.383
Link: CVE-2023-27263
Redhat
No data.