Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.

MEDIUM Jun 16, 2023

CVE-2023-2783

Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.

MEDIUM Jun 16, 2023

Mattermost App Framework

Versions

7.9.4

v7.10.1

0

7.10.1

7.8.4

7.8.5

7.9.3

7.10.0

v7.9.4

v7.8.5

Recent CVEs

CVE-2023-2784

CVE-2023-2783