3 matches found
Mattermost Server < 7.8.5 / 7.9.x < 7.9.4 Improper Authorization (MMSA-2023-00157)
The version of Mattermost Server running on the remote host is prior to 7.8.5 or 7.9.x prior to 7.9.4. It is, therefore, affected by an improper authorization vulnerability. Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessi...
CVE-2023-2193 Oauth authorization codes do not expire when deauthorizing an oauth2 app
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token...
CVE-2023-2193
Mattermost OAuth2: CVE-2023-2193 describes a flaw where deauthorizing an OAuth2 app fails to invalidate existing authorization codes. An attacker who possesses a valid authorization code can use it to obtain an access token, enabling unauthorized access. Affected product: Mattermost Server (vario...