CVE-2023-6547 LOW

CVE-2023-6547: Playbooks access/modification by removed team member

Vendor Mattermost

Product Mattermost

Weakness CWE-284

Published December 12, 2023

Last update May 12, 2025

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.

Key dates

02Disclosure timeline

December 12, 2023 CVE published

May 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6547

Related vulnerabilities

Identifiers

CVE CVE-2023-6547

CWE CWE-284

CVSS 3.7 / LOW

Affected versions

Vendor Mattermost

Product Mattermost

Affected ≤ 8.1.5

Vendor Mattermost

Product Mattermost

Affected ≤ 9.2.1

CVE-2023-6547: Playbooks access/modification by removed team member

01Description

02Disclosure timeline

03References

04Related CVE