CVE-2023-5159: Mattermost Incorrect Authorization vulnerability

September 29, 2023

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.

References

github.com/advisories/GHSA-rp65-jpc7-8h8p
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-5159

Detect and mitigate CVE-2023-5159 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →