Mattermost fails to check whether an admin user account is still active after an OAuth2 flow has been started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.
References
| Link | Resource |
|---|---|
| https://mattermost.com/security-updates/ | Vendor Advisory |
History

26 Jun 2023, 17:47

| Type | Values Removed | Values Added |
|---|---|---|
| References | | (MISC) https://mattermost.com/security-updates/ - Vendor Advisory |
| CPE | | cpe:2.3:a:mattermost:mattermost:7.10.0:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:* |
| CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 |
| First Time | | Mattermost, Mattermost mattermost |
| CWE | | CWE-613 |
16 Jun 2023, 09:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2023-06-16 09:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2788
Mitre link : CVE-2023-2788
CVE.ORG link : CVE-2023-2788
Products Affected
mattermost
- mattermost