Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CPE Name | Operator | Version
---|---|---
mattermost | eq | 7.1.7
mattermost | eq | 7.7.3
mattermost | eq | 7.8.2
mattermost | eq | 7.9.1
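
The flaw in the description above, modelled as an added example in Go; this is not Mattermost's code. The `Store` type, its methods, the `revokeCodes` switch and the user and app ids are hypothetical: a deauthorization that only drops access tokens leaves a pending authorization code redeemable, while the hardened path invalidates the code as well.

```go
package main

import "fmt"

// Constructed model of an authorization server; names are hypothetical, not Mattermost's.
type grant struct{ userID, appID string }
type Store struct{ codes, tokens map[string]grant }

func NewStore() *Store { return &Store{codes: map[string]grant{}, tokens: map[string]grant{}} }

// Authorize records consent and returns a pending authorization code.
func (s *Store) Authorize(userID, appID string) string {
	code := fmt.Sprintf("code:%s:%s", userID, appID) // constructed; real codes are random
	s.codes[code] = grant{userID, appID}
	return code
}

// Exchange redeems a code for an access token; unknown or used codes fail.
func (s *Store) Exchange(code string) (string, bool) {
	g, ok := s.codes[code]
	if !ok {
		return "", false
	}
	delete(s.codes, code)
	tok := "token-for-" + code // constructed token value
	s.tokens[tok] = g
	return tok, true
}

// Deauthorize drops the user's tokens for the app. revokeCodes=false models the
// flaw this advisory describes; true also invalidates pending authorization codes.
func (s *Store) Deauthorize(userID, appID string, revokeCodes bool) {
	for t, v := range s.tokens {
		if v == (grant{userID, appID}) {
			delete(s.tokens, t)
		}
	}
	for c, v := range s.codes {
		if revokeCodes && v == (grant{userID, appID}) {
			delete(s.codes, c)
		}
	}
}

func main() {
	s := NewStore()
	code := s.Authorize("alice", "app1") // constructed user and app ids
	s.Deauthorize("alice", "app1", true)
	fmt.Println(s.Exchange(code)) // hardened path: empty token and false
}
```

A regression test for the fix follows the same shape: issue a code, deauthorize the app, then assert that the exchange is refused.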