CVE-2023-50333

🗓️ 02 Jan 2024 09:53:01Reported by MattermostType

Mattermost update permission issue for demoted user

Reporter	Title	Published	Views	Family All 21
Chainguard	CVE-2023-50333 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2023-50333	2 Jan 202411:26	–	circl
CNNVD	Mattermost Security Vulnerabilities	2 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-50333 Lack of restriction to manage group names for freshly demoted guests	2 Jan 202409:53	–	cvelist
EUVD	EUVD-2024-0319	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost allows demoted guests to change group names	2 Jan 202412:30	–	github
NVD	CVE-2023-50333	2 Jan 202410:15	–	nvd
OSV	BIT-MATTERMOST-2023-50333	6 Mar 202410:57	–	osv
OSV	CGA-28FJ-7RMV-XW55	24 Jun 202414:34	–	osv
OSV	CGA-7Q4C-CQWG-26GH	25 Sep 202401:52	–	osv

NVD

Node

mattermost mattermost_serverRange<8.1.7

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "9.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "8.1.7"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

21 Nov 2024 08:36Current

4.5Medium risk

Vulners AI Score4.5

CVSS 3.13.7 - 4.3

EPSS0.00071

SSVC

CWE-284