nvd-json-data-feeds/CVE-2023/CVE-2023-67xx/CVE-2023-6727.json

{
  "id": "CVE-2023-6727",
  "sourceIdentifier": "responsibledisclosure@mattermost.com",
  "published": "2023-12-12T11:15:07.140",
  "lastModified": "2024-11-21T08:44:25.980",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.\u00a0\n\n"
    },
    {
      "lang": "es",
      "value": "Mattermost no realiza comprobaciones de autorizaci\u00f3n correctas al crear una acci\u00f3n del playbook, lo que permite a los usuarios sin acceso al playbook crear acciones del playbook. Si la acci\u00f3n del playbook creada es publicar un mensaje en un canal basado en palabras clave espec\u00edficas en una publicaci\u00f3n, se puede filtrar cierta informaci\u00f3n del playbook, como el nombre."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "responsibledisclosure@mattermost.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "responsibledisclosure@mattermost.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "8.1.5",
              "matchCriteriaId": "6FA74D02-6508-49A3-960F-22B84B6E5B51"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "9.2.0",
              "versionEndIncluding": "9.2.1",
              "matchCriteriaId": "D00348C4-CEE7-474E-BBDC-4A66D6BBA4C8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://mattermost.com/security-updates",
      "source": "responsibledisclosure@mattermost.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://mattermost.com/security-updates",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ]
    }
  ]
}