Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.
References
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-06-16T08:58:15.392Z

Updated: 2024-12-06T23:00:50.221Z

Reserved: 2023-05-18T11:58:33.058Z

Link: CVE-2023-2788

cve-icon Vulnrichment

Updated: 2024-08-02T06:33:05.778Z

cve-icon NVD

Status : Modified

Published: 2023-06-16T09:15:09.993

Modified: 2024-11-21T07:59:17.493

Link: CVE-2023-2788

cve-icon Redhat

No data.