Mattermost App Framework vulnerabilities

CVE-2023-2783 [MEDIUM] CWE-862 CVE-2023-2783: Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request all Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.

CVE-2023-2784 [MEDIUM] CWE-862 CVE-2023-2784: Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.