Lucene search
PRIOn knowledge basePRION:CVE-2023-2788HistoryJun 16, 2023 - 9:15 a.m.
Buffer overflow
2023-06-1609:15:00
PRIOn knowledge base
www.prio-n.com
1
buffer overflow
mattermost
admin privileges
oauth2
access token
persistent access
0.001 Low
EPSS
Percentile
25.1%
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker’s account is deactivated.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mattermost | ge | 7.9.0 | |
| mattermost | le | 7.9.3 | |
| mattermost | ge | 7.8.0 | |
| mattermost | le | 7.8.4 | |
| mattermost | ge | 7.1.0 | |
| mattermost | le | 7.1.9 | |
| mattermost | eq | 7.10.0 |
References
Related
veracode
veracode
Missing Authorization Checks
2023-06-28 06:04:12
osv
osv
CVE-2023-2788
2023-06-16 09:15:09
cvelist
cvelist
CVE-2023-2788 Deactivated user can retain access using oauth2 api
2023-06-16 08:58:15
nvd
nvd
CVE-2023-2788
2023-06-16 09:15:09
cnvd
cnvd
Mattermost Code Issue Vulnerability (CNVD-2023-55039)
2023-06-21 00:00:00
cve
cve
CVE-2023-2788
2023-06-16 09:15:09