Playbooks
by Mattermost
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46701 | | | 0.00 | — | 0.00 | | Dec 12, 2023 | Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID |
| CVE-2023-45847 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin |
| CVE-2023-27264 | | | 0.00 | — | 0.01 | | Feb 27, 2023 | A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. |
| CVE-2022-4019 | | | 0.00 | — | 0.01 | | Nov 23, 2022 | A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. |
| CVE-2022-1548 | | | 0.00 | — | 0.01 | | May 3, 2022 | Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. |
| CVE-2022-1333 | | | 0.00 | — | 0.01 | | Apr 13, 2022 | Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of… |