GHSA-7g2v-2frm-rg94

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-7g2v-2frm-rg94/GHSA-7g2v-2frm-rg94.json
Aliases
  • CVE-2023-2515
Published
2023-05-12T09:30:15Z
Modified
2023-05-23T22:39:22Z
Details

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

References

Affected packages

Go / github.com/mattermost/mattermost-server/v6

github.com/mattermost/mattermost-server/v6

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
7.1.8

Affected versions

Go / github.com/mattermost/mattermost-server/v6

github.com/mattermost/mattermost-server/v6

Affected ranges

Type
SEMVER
Events
Introduced
7.2.0
Fixed
7.7.4

Affected versions

Go / github.com/mattermost/mattermost-server/v6

github.com/mattermost/mattermost-server/v6

Affected ranges

Type
SEMVER
Events
Introduced
7.8.0
Fixed
7.8.3

Affected versions

Go / github.com/mattermost/mattermost-server/v6

github.com/mattermost/mattermost-server/v6

Affected ranges

Type
SEMVER
Events
Introduced
7.9.0
Fixed
7.9.2

Affected versions