Vulnerabilities > CVE-2023-46701 - Authorization Bypass Through User-Controlled Key vulnerability in Mattermost Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID