CVE-2022-1548 – Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
https://notcve.org/view.php?id=CVE-2022-1548
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. • https://mattermost.com/security-updates • CWE-264: Permissions, Privileges, and Access Controls
CVE-2022-1333 – A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
https://notcve.org/view.php?id=CVE-2022-1333
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. • https://mattermost.com/security-updates • CWE-770: Allocation of Resources Without Limits or Throttling