Mattermost fails to check whether an admin user account is still active after an OAuth2 flow has been started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.
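The window the description refers to is the gap between the account check made when the OAuth2 flow starts and the moment the authorization code is exchanged for a token. As an added illustration (this is not Mattermost's code and not the vendor's actual fix), the Go model below contrasts an exchange endpoint that trusts the authorization-time check with one that re-reads the account when the code is redeemed. The `Server`, `User`, `AuthCode`, `Authorize`, `ExchangeVulnerable`, `ExchangeFixed` and `Scenario` names, the `DeactivatedAt` field, and the constructed `admin` account and `client-1` client ID are all assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// User is a minimal account record; a non-zero DeactivatedAt marks it
// deactivated (field name assumed for this example, not Mattermost's schema).
type User struct {
	ID            string
	DeactivatedAt time.Time
}

// AuthCode is the short-lived, single-use code minted when the flow starts.
type AuthCode struct {
	UserID    string
	ClientID  string
	ExpiresAt time.Time
}

// Server holds users and outstanding authorization codes in memory.
type Server struct {
	users map[string]*User
	codes map[string]*AuthCode
}

var (
	ErrInvalidCode  = errors.New("invalid_grant: unknown, mismatched or expired code")
	ErrInactiveUser = errors.New("invalid_grant: account is unknown or deactivated")
)

// Authorize starts the flow. It checks the account once, which is only
// sufficient if the account cannot change state before the code is redeemed.
func (s *Server) Authorize(userID, clientID string, now time.Time) (string, error) {
	u, ok := s.users[userID]
	if !ok || !u.DeactivatedAt.IsZero() {
		return "", ErrInactiveUser
	}
	code := fmt.Sprintf("code-%s-%d", userID, now.UnixNano())
	s.codes[code] = &AuthCode{UserID: userID, ClientID: clientID, ExpiresAt: now.Add(10 * time.Minute)}
	return code, nil
}

// redeemCode validates the code against client and expiry, then consumes it.
func (s *Server) redeemCode(code, clientID string, now time.Time) (*AuthCode, error) {
	ac, ok := s.codes[code]
	if !ok || ac.ClientID != clientID || now.After(ac.ExpiresAt) {
		return nil, ErrInvalidCode
	}
	delete(s.codes, code)
	return ac, nil
}

// ExchangeVulnerable trusts the check made at Authorize time: a code minted
// while the account was active still yields a token after deactivation.
func (s *Server) ExchangeVulnerable(code, clientID string, now time.Time) (string, error) {
	ac, err := s.redeemCode(code, clientID, now)
	if err != nil {
		return "", err
	}
	return "access-token-for-" + ac.UserID, nil
}

// ExchangeFixed re-reads the account at issuance time, so a deactivation
// that happened after the flow started is honoured.
func (s *Server) ExchangeFixed(code, clientID string, now time.Time) (string, error) {
	ac, err := s.redeemCode(code, clientID, now)
	if err != nil {
		return "", err
	}
	u, ok := s.users[ac.UserID]
	if !ok || !u.DeactivatedAt.IsZero() {
		return "", ErrInactiveUser
	}
	return "access-token-for-" + ac.UserID, nil
}

// Scenario replays the sequence from the advisory with constructed data: an
// admin starts the flow, the account is deactivated, then the code is exchanged.
func Scenario(fixed bool) (string, error) {
	t0 := time.Date(2023, 6, 1, 12, 0, 0, 0, time.UTC)
	s := &Server{
		users: map[string]*User{"admin": {ID: "admin"}},
		codes: map[string]*AuthCode{},
	}
	code, err := s.Authorize("admin", "client-1", t0)
	if err != nil {
		return "", err
	}
	s.users["admin"].DeactivatedAt = t0.Add(time.Minute) // deactivated mid-flow
	exchange := s.ExchangeVulnerable
	if fixed {
		exchange = s.ExchangeFixed
	}
	return exchange(code, "client-1", t0.Add(2*time.Minute))
}
```

`Scenario(false)` returns a token for the deactivated admin; `Scenario(true)` returns `ErrInactiveUser`. The general point is that token issuance must be decided on the account's current state, not on a check captured earlier in the flow; the same re-check belongs on refresh-token use and on every API request that presents an access token, since a token already issued before the deactivation is otherwise just as persistent.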
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | | ssvc |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-06-16T08:58:15.392Z
Updated: 2024-12-06T23:00:50.221Z
Reserved: 2023-05-18T11:58:33.058Z
Link: CVE-2023-2788
Vulnrichment
Updated: 2024-08-02T06:33:05.778Z
NVD
Status: Modified
Published: 2023-06-16T09:15:09.993
Modified: 2024-11-21T07:59:17.493
Link: CVE-2023-2788
Redhat
No data.