CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2786 – Channel commands execution doesn't properly verify permissions
https://notcve.org/view.php?id=CVE-2023-2786
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2784 – Apps Framework allows install requests from regular members via an internal path
https://notcve.org/view.php?id=CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2783 – App Framework does not checks for the secret provided in the incoming webhook request
https://notcve.org/view.php?id=CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •