First published: Fri Jun 16 2023
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | >=7.1.0 <=7.1.9 | |
Mattermost Mattermost | >=7.8.0 <=7.8.4 | |
Mattermost Mattermost | >=7.9.0 <=7.9.3 | |
Mattermost Mattermost | =7.10.0 | |
The vulnerability ID for this issue is CVE-2023-2788.
The severity of CVE-2023-2788 is medium with a CVSS score of 6.5.
Mattermost fails to check whether an admin user account is still active after an OAuth2 flow has been started, allowing an attacker to retain persistent access.
An attacker with admin privileges can exploit this vulnerability.
Mattermost versions 7.1.0 to 7.1.9, 7.8.0 to 7.8.4, 7.9.0 to 7.9.3, and 7.10.0 are affected.