Description
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.

Published: 2023-06-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Update Mattermost to version v7.7.4, v7.8.3, v7.9.2, v7.10.1, or higher.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-34247 When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
References
Link Providers
https://mattermost.com/security-updates/ cve-icon cve-icon
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Mattermost Mattermost
cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2024-12-06T23:00:39.136Z

Reserved: 2023-05-18T12:09:01.562Z

Link: CVE-2023-2791

cve-icon Vulnrichment

Updated: 2024-08-02T06:33:05.480Z

cve-icon NVD

Status : Modified

Published: 2023-06-16T09:15:10.060

Modified: 2024-11-21T07:59:17.860

Link: CVE-2023-2791

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses