Lucene search

GoogleOSV:CVE-2023-2193

HistoryApr 20, 2023 - 9:15 a.m.

CVE-2023-2193

2023-04-2009:15:10

Google

osv.dev

mattermost

oauth2

authorization code

access token

security issue

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

JSON

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

CPENameOperatorVersion
mattermost-servereq4.0.0
mattermost-servereq4.5.2
mattermost-servereq3.0.3
mattermost-servereq5.0.0
mattermost-servereq5.1.0
mattermost-servereq5.2.0-rc6
mattermost-servereq4.9.0
mattermost-servereq4.8.0-rc2
mattermost-servereq4.7.2
mattermost-servereq1.3.0

Name	Operator	Version
mattermost-server	eq	4.0.0
mattermost-server	eq	4.5.2
mattermost-server	eq	3.0.3
mattermost-server	eq	5.0.0
mattermost-server	eq	5.1.0
mattermost-server	eq	5.2.0-rc6
mattermost-server	eq	4.9.0
mattermost-server	eq	4.8.0-rc2
mattermost-server	eq	4.7.2
mattermost-server	eq	1.3.0

Rows per page:

1-10 of 1471

References

mattermost.com/security-updates/

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for OSV:CVE-2023-2193