First published: Mon Feb 27 2023(Updated: )
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | <=7.1.4 | |
Mattermost Mattermost | =7.4.0 | |
Mattermost Mattermost | =7.5.0 | |
Mattermost Mattermost | =7.5.1 |
Update Mattermost to version 7.5.2, 7.4.1, 7.1.5, or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-27264 is a vulnerability in Mattermost Playbooks that allows an attacker to modify a playbook via a specific API call.
CVE-2023-27264 can allow an attacker to modify a playbook in Mattermost, potentially leading to unauthorized access or malicious actions.
Mattermost versions 7.1.4, 7.4.0, 7.5.0, and 7.5.1 are affected by CVE-2023-27264.
CVE-2023-27264 has a severity rating of 6.5, which is considered high.
To fix CVE-2023-27264, it is recommended to update Mattermost to a version that has patched the vulnerability.