CVE-2023-46701

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 639

CWE ID 200

Summary

CVE-2023-46701: Mattermost's Playbooks plugin is vulnerable to information disclosure through the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint. Authorization checks are bypassed, enabling attackers to access limited details of a post if they possess the post ID. This issue may lead to potential information leakage within the affected Mattermost environment.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tsPqBj
https://www.cve.org/CVERecord?id=CVE-2023-46701
https://nvd.nist.gov/vuln/detail/CVE-2023-46701

Back to Vulnerability Database

CVE-2023-46701

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations