Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
github.com/mattermost/mattermost-server/v6
github.com/mattermost/mattermost-server/v6
github.com/mattermost/mattermost-server/v6