CVE-2023-50333: Improper Access Control

January 2, 2024 (updated January 3, 2024)

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

References

github.com/advisories/GHSA-9w97-9rqx-8v4j
github.com/mattermost/mattermost/commit/61dd452fb2fcd3ac6f7b2e050f7f0a93a92d95fc
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-50333

Detect and mitigate CVE-2023-50333 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →