Lucene search
HistoryMay 12, 2023 - 9:15 a.m.
CVE-2023-2515
mattermost
privilege escalation
flaw
access control
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
40.0%
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
Affected configurations
Node
mattermostmattermost_serverRange<7.1.8
ORmattermostmattermost_serverRange7.2.0–7.7.4
ORmattermostmattermost_serverRange7.8.0–7.8.3
ORmattermostmattermost_serverRange7.9.0–7.9.2
References
Related
cvelist
cvelist
cve
cve
CVE-2023-2515
2023-05-12 09:15:10
osv
osv
Mattermost Incorrect Authorization vulnerability
2023-05-12 09:30:15
CVE-2023-2515
2023-05-12 09:15:10
BIT-mattermost-2023-2515
2024-03-06 11:01:44
github
github
Mattermost Incorrect Authorization vulnerability
2023-05-12 09:30:15
prion
prion
Code injection
2023-05-12 09:15:00
veracode
veracode
Incorrect Authorization
2023-05-19 02:35:57
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
40.0%
Related for NVD:CVE-2023-2515