Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
References
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-04-20T08:17:04.731Z

Updated: 2024-12-06T23:04:57.399Z

Reserved: 2023-04-20T08:16:27.253Z

Link: CVE-2023-2193

cve-icon Vulnrichment

Updated: 2024-08-02T06:12:20.643Z

cve-icon NVD

Status : Modified

Published: 2023-04-20T09:15:10.603

Modified: 2024-11-21T07:58:07.110

Link: CVE-2023-2193

cve-icon Redhat

No data.