High severity · NVD Advisory · Published May 12, 2023 · Updated Dec 6, 2024

Privilege escalation to system admin via personal access tokens

CVE-2023-2515

Description

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost-server/v6 (Go) | < 7.1.8 | 7.1.8 |
| github.com/mattermost/mattermost-server/v6 (Go) | >= 7.2.0, < 7.7.4 | 7.7.4 |
| github.com/mattermost/mattermost-server/v6 (Go) | >= 7.8.0, < 7.8.3 | 7.8.3 |
| github.com/mattermost/mattermost-server/v6 (Go) | >= 7.9.0, < 7.9.2 | 7.9.2 |
