Mattermost fails to check whether an admin user account is still active after an OAuth2 flow has been started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.
Metrics
Affected Vendors & Products
References
Link | Providers
---|---
https://mattermost.com/security-updates/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-06-16T08:58:15.392Z
Updated: 2024-08-02T06:33:05.778Z
Reserved: 2023-05-18T11:58:33.058Z
Link: CVE-2023-2788
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-06-16T09:15:09.993
Modified: 2023-06-26T17:47:39.027
Link: CVE-2023-2788
Redhat
No data.