CVE-2023-2515

Mattermost Incorrect Authorization vulnerability in go/github.com/mattermost/mattermost-server/v6

Identifiers

GHSA-7g2v-2frm-rg94, CVE-2023-2515

Package Slug

go/github.com/mattermost/mattermost-server/v6

Vulnerability

Mattermost Incorrect Authorization vulnerability

Description

Mattermost fails to prevent a user who has permission both to edit other users and to create personal access tokens from elevating their own privileges to system admin.

Affected Versions

All versions before 7.1.8, all versions starting from 7.2.0 before 7.7.4, all versions starting from 7.8.0 before 7.8.3, all versions starting from 7.9.0 before 7.9.2

Solution

Upgrade to versions 7.1.8, 7.7.4, 7.8.3, 7.9.2 or above.

Last Modified

2023-05-15
