3 matches found
CVE-2023-2515 Privilege escalation to system admin via personal access tokens
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin...
CVE-2023-2515
Mattermost server vulnerability CVE-2023-2515 involves a failure to restrict a user’s ability to edit other users and to create personal access tokens, enabling privilege escalation to system admin. Connected sources point to the root cause as improper authorization in the createUserAccessToken f...
CVE-2023-2515 Privilege escalation to system admin via personal access tokens
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin...