When creating a playbook run via the /dialog API,...
Moderate severity
Unreviewed
Published
Jun 16, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 16, 2023
Published to the GitHub Advisory Database
Jun 16, 2023
Last updated
Apr 4, 2024
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
References