CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.001 Low
Percentile: 25.1%
github.com/mattermost/mattermost is vulnerable to Missing Authorization Checks. The vulnerability allows an attacker with admin privileges to retain persistent access to the platform with an OAuth2 access token, even when the attacker's account is deactivated.
github.com/advisories/GHSA-4x9v-95w9-xp83
github.com/mattermost/mattermost/commit/169b94259d4a11a17f85a405be7d5f1e3d2af4aa
github.com/mattermost/mattermost/commit/764be50e128c9befee60f5a74ce1f86d7435d6c2
github.com/mattermost/mattermost/commit/af9dbfe0857a72607de20265dfe6db9351305c53
mattermost.com/security-updates/