{"vulnerability": "CVE-2023-6727", "sightings": [{"uuid": "81b221b4-bef7-42c7-b322-d8e4fe2f87c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-6727", "type": "seen", "source": "https://t.me/ctinow/161686", "content": "https://ift.tt/Nw9RJGW\nCVE-2023-6727 | Mattermost up to 8.1.5/9.2.1 Playbook Action information disclosure", "creation_timestamp": "2024-01-02T11:31:28.000000Z"}, {"uuid": "9448c359-793e-4b49-b468-59009122f245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-6727", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17484", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-6727\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked.\u00a0\n\n\n\ud83d\udccf Published: 2023-12-12T10:53:02.127Z\n\ud83d\udccf Modified: 2025-05-24T10:25:36.906Z\n\ud83d\udd17 References:\n1. https://mattermost.com/security-updates", "creation_timestamp": "2025-05-24T10:45:00.000000Z"}]}