Lucene search
GoogleOSV:GHSA-7G2V-2FRM-RG94HistoryMay 12, 2023 - 9:30 a.m.
Mattermost Incorrect Authorization vulnerability
2023-05-1209:30:15
Google
osv.dev
3
mattermost
authorization
vulnerability
system admin
access tokens
security
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.0%
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
Related
cvelist
cvelist
cve
cve
CVE-2023-2515
2023-05-12 09:15:10
github
github
Mattermost Incorrect Authorization vulnerability
2023-05-12 09:30:15
osv
osv
CVE-2023-2515
2023-05-12 09:15:10
BIT-mattermost-2023-2515
2024-03-06 11:01:44
prion
prion
Code injection
2023-05-12 09:15:00
nvd
nvd
CVE-2023-2515
2023-05-12 09:15:10
veracode
veracode
Incorrect Authorization
2023-05-19 02:35:57
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
40.0%
Related for OSV:GHSA-7G2V-2FRM-RG94