CVE-2023-2515

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2515

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2515.json

Aliases

BIT-mattermost-2023-2515
GHSA-7g2v-2frm-rg94

Published

2023-05-12T09:15:10Z

Modified

2023-12-06T01:02:53.144803Z

Details

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

87cbeafd363557615354cdf622adf3929f73e561

Fixed

c01c4a46b1bad277c57528b7288e4bb313b87360

Introduced

c4d8c1450ab2b9538bbc2690ca1ee865567a5888

Introduced

f14c24391ca84740d90a29ec8b67579326eaa236