Improper Authorization

github.com/mattermost/mattermost/ is vulnerable to Improper Authorization. The vulnerability is caused when user receives updated permissions during active session. This freshly demoted guest can change group names...