CVE-2023-2788

Source
https://cve.org/CVERecord?id=CVE-2023-2788
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2788.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2788
Published
2023-06-16T09:15:09.993Z
Modified
2026-04-10T04:56:46.711891Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Mattermost fails to check whether an admin user account is still active after an OAuth2 flow has been started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.
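
The following Go program is an added illustration of the failure mode described above; it is not Mattermost's code, and every type, field and function name in it (User, DeleteAt, Server, Authorize, Exchange, Authenticate, Deactivate, Scenario) is an assumption made for this example. It models a minimal authorization-code flow in which the account's active status is checked only when the flow begins (the vulnerable variant) next to a hardened variant that re-reads the account at the token endpoint, re-checks it on every token use, and revokes outstanding tokens on deactivation. The Scenario function replays the sequence from the advisory: an admin starts the flow, is deactivated, and then redeems the code.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Constructed toy model of an OAuth2 authorization-code flow. NOT Mattermost's
// code: all names, fields and behaviour here are assumptions for illustration.

type User struct {
	ID       string
	DeleteAt int64 // assumed soft-delete convention: 0 = active, else deactivated at this time
}

func (u *User) IsActive() bool { return u.DeleteAt == 0 }

type authCode struct {
	userID, clientID string
	expiresAt        time.Time
}

type Server struct {
	users  map[string]*User
	codes  map[string]*authCode // pending code -> who authorized it, for which client
	tokens map[string]string    // access token -> user ID
	fixed  bool                 // true = re-check account state at exchange and on use
}

var (
	ErrInactive = errors.New("user account is deactivated")
	ErrBadCode  = errors.New("invalid, expired or unknown code or token")
)

func NewServer(fixed bool) *Server {
	return &Server{users: map[string]*User{}, codes: map[string]*authCode{}, tokens: map[string]string{}, fixed: fixed}
}

func randomHex() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Authorize: the logged-in user consents and gets a short-lived, single-use code.
// Both variants check the account here; the vulnerable one checks it only here.
func (s *Server) Authorize(userID, clientID string) (string, error) {
	u, ok := s.users[userID]
	if !ok || !u.IsActive() {
		return "", ErrInactive
	}
	code := randomHex()
	s.codes[code] = &authCode{userID: userID, clientID: clientID, expiresAt: time.Now().Add(10 * time.Minute)}
	return code, nil
}

// Exchange is the token endpoint. The account may have been deactivated since
// Authorize ran, so its state must be read again before a token is minted.
func (s *Server) Exchange(code, clientID string) (string, error) {
	c, ok := s.codes[code]
	if !ok || c.clientID != clientID || time.Now().After(c.expiresAt) {
		return "", ErrBadCode
	}
	delete(s.codes, code) // single use, whether or not issuance succeeds
	u, ok := s.users[c.userID]
	if !ok {
		return "", ErrBadCode
	}
	if s.fixed && !u.IsActive() { // the check the vulnerable variant lacks
		return "", ErrInactive
	}
	tok := randomHex()
	s.tokens[tok] = u.ID
	return tok, nil
}

// Authenticate resolves a bearer token on each API request; the hardened
// variant refuses tokens whose owner has since been deactivated.
func (s *Server) Authenticate(token string) (*User, error) {
	uid, ok := s.tokens[token]
	if !ok {
		return nil, ErrBadCode
	}
	u := s.users[uid]
	if s.fixed && !u.IsActive() {
		return nil, ErrInactive
	}
	return u, nil
}

// Deactivate soft-deletes the account; the hardened variant also revokes the
// user's tokens so deactivation takes effect immediately.
func (s *Server) Deactivate(userID string) {
	s.users[userID].DeleteAt = time.Now().UnixMilli()
	if s.fixed {
		for tok, uid := range s.tokens {
			if uid == userID {
				delete(s.tokens, tok)
			}
		}
	}
}

// Scenario replays the advisory's sequence and reports whether a token was
// issued to the deactivated admin and whether that token still authenticates.
func Scenario(fixed bool) (issued, usable bool) {
	s := NewServer(fixed)
	s.users["admin"] = &User{ID: "admin"}
	code, err := s.Authorize("admin", "attacker-app")
	if err != nil {
		return false, false
	}
	s.Deactivate("admin") // account removed between the two legs of the flow
	tok, err := s.Exchange(code, "attacker-app")
	if err != nil {
		return false, false
	}
	_, err = s.Authenticate(tok)
	return true, err == nil
}

func main() {
	for _, fixed := range []bool{false, true} {
		issued, usable := Scenario(fixed)
		fmt.Printf("fixed=%v: token issued=%v, token usable=%v\n", fixed, issued, usable)
	}
}
```

The point a practitioner should take from the two variants is that "is this account active?" is a property that changes over the lifetime of a multi-step flow, so it has to be evaluated at every step that confers access (code issuance, token issuance, token use), not once at the start; revoking existing tokens on deactivation closes the remaining window.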

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.1.0"
        },
        {
            "last_affected": "7.1.9"
        },
        {
            "introduced": "7.8.0"
        },
        {
            "last_affected": "7.8.4"
        },
        {
            "introduced": "7.9.0"
        },
        {
            "last_affected": "7.9.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.10.0"
        }
    ]
}

Affected versions

Other
cloud-2022-07-20-1
cloud-2022-08-10-1
cloud-2022-09-08-1
cloud-2022-10-06-1
cloud-2022-11-11-1
cloud-2022-11-24-1
cloud-2023-03-29-1
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v7.*
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.10.0
v7.8.0
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.9.0
v7.9.1
v7.9.2
v7.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2788.json"