CVE-2023-6727

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 15, 2023

CWE ID 200

Summary

CVE-2023-6727 is a vulnerability in Mattermost that allows unauthorized users to create playbook actions. Despite lacking the necessary permissions for the playbook, these users can bypass authorization checks. If the newly created playbook action involves posting a message in a channel based on specific keywords, sensitive playbook information, such as the name, may be exposed. This issue could lead to unintended information disclosure, making it essential for Mattermost users to promptly apply the available patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/txwwLj
https://www.cve.org/CVERecord?id=CVE-2023-6727
https://nvd.nist.gov/vuln/detail/CVE-2023-6727

Back to Vulnerability Database

CVE-2023-6727

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations