CVE-2023-27264
First published: Mon Feb 27 2023(Updated: )
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost | <=7.1.4 | |
| Mattermost Mattermost | =7.4.0 | |
| Mattermost Mattermost | =7.5.0 | |
| Mattermost Mattermost | =7.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-27264?
CVE-2023-27264 is a vulnerability in Mattermost Playbooks that allows an attacker to modify a playbook via a specific API call.
How does CVE-2023-27264 impact Mattermost?
CVE-2023-27264 can allow an attacker to modify a playbook in Mattermost, potentially leading to unauthorized access or malicious actions.
Which versions of Mattermost are affected by CVE-2023-27264?
Mattermost versions 7.1.4, 7.4.0, 7.5.0, and 7.5.1 are affected by CVE-2023-27264.
What is the severity rating of CVE-2023-27264?
CVE-2023-27264 has a severity rating of 6.5, which is considered high.
How can I fix CVE-2023-27264?
To fix CVE-2023-27264, it is recommended to update Mattermost to a version that has patched the vulnerability.
- collector/nvd-index
- agent/weakness
- vendor/mattermost
- canonical/mattermost mattermost
- version/mattermost mattermost/7.1.4
- version/mattermost mattermost/7.4.0
- version/mattermost mattermost/7.5.0
- version/mattermost mattermost/7.5.1