VYPR · NVD Advisory · Severity: unrated · Published Jun 16, 2023 · Updated Dec 6, 2024

Deactivated user can retain access via the OAuth2 API

CVE-2023-2788

Description

Mattermost fails to re-check whether an admin user account is still active once an OAuth2 flow has been started. An attacker with admin privileges can therefore keep persistent access to Mattermost by completing the flow and obtaining an OAuth2 access token after their account has been deactivated: the activity check happens only when the flow begins, not when the token is issued or used.
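The root cause is a time-of-check gap: the account is validated when the authorization flow starts, but not again when the authorization code is redeemed or the resulting token is used. The toy authorization server below is an added illustration and is not Mattermost's code; it assumes the convention that a non-zero `DeleteAt` marks a deactivated account, and the `Server`, `Authorize`, `Exchange` and `WhoAmI` names are invented for the example. With `CheckActiveAfterStart` off it reproduces the described behaviour; with it on, deactivation between code issuance and token exchange is detected, and tokens minted before deactivation stop working too.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// User follows the assumed convention that DeleteAt == 0 means active and a
// non-zero value is the deactivation timestamp. Not Mattermost's own type.
type User struct {
	ID       string
	DeleteAt int64
}

// Active is safe on a nil receiver so an unknown user reads as inactive.
func (u *User) Active() bool { return u != nil && u.DeleteAt == 0 }

type authCode struct {
	userID  string
	expires time.Time
}

var (
	ErrInactiveUser = errors.New("user account is deactivated")
	ErrBadCode      = errors.New("unknown or expired authorization code")
	ErrBadToken     = errors.New("unknown access token")
)

// Server is a minimal OAuth2 authorization-code server plus a resource endpoint.
// CheckActiveAfterStart toggles the check that the advisory says was missing:
// false re-validates the account only when the flow starts (vulnerable),
// true re-validates at code exchange and on every token use (fixed).
type Server struct {
	CheckActiveAfterStart bool
	users                 map[string]*User
	codes                 map[string]authCode
	tokens                map[string]string // access token -> user ID
}

func NewServer(checkActiveAfterStart bool) *Server {
	return &Server{
		CheckActiveAfterStart: checkActiveAfterStart,
		users:                 map[string]*User{},
		codes:                 map[string]authCode{},
		tokens:                map[string]string{},
	}
}

func (s *Server) AddUser(id string) { s.users[id] = &User{ID: id} }

func (s *Server) Deactivate(id string) {
	if u, ok := s.users[id]; ok {
		u.DeleteAt = time.Now().UnixMilli()
	}
}

func randHex() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Authorize starts the flow. Both variants check the account here; this is the
// only check the vulnerable variant ever performs.
func (s *Server) Authorize(userID string) (string, error) {
	if !s.users[userID].Active() {
		return "", ErrInactiveUser
	}
	code := randHex()
	s.codes[code] = authCode{userID: userID, expires: time.Now().Add(10 * time.Minute)}
	return code, nil
}

// Exchange redeems a single-use code for an access token. The fixed variant
// re-reads the account state now rather than trusting the Authorize-time check.
func (s *Server) Exchange(code string) (string, error) {
	ac, ok := s.codes[code]
	if !ok || time.Now().After(ac.expires) {
		return "", ErrBadCode
	}
	delete(s.codes, code)
	if s.CheckActiveAfterStart && !s.users[ac.userID].Active() {
		return "", ErrInactiveUser
	}
	tok := randHex()
	s.tokens[tok] = ac.userID
	return tok, nil
}

// WhoAmI is the resource endpoint. The fixed variant also checks on each use, so
// a token minted before deactivation dies with the account.
func (s *Server) WhoAmI(token string) (*User, error) {
	uid, ok := s.tokens[token]
	if !ok {
		return nil, ErrBadToken
	}
	u := s.users[uid]
	if s.CheckActiveAfterStart && !u.Active() {
		return nil, ErrInactiveUser
	}
	return u, nil
}

func main() {
	for _, fixed := range []bool{false, true} {
		s := NewServer(fixed)
		s.AddUser("admin")
		code, _ := s.Authorize("admin") // flow starts while the account is active
		s.Deactivate("admin")           // account is deactivated mid-flow
		tok, err := s.Exchange(code)
		fmt.Printf("fixed=%v exchange err=%v token issued=%v\n", fixed, err, tok != "")
	}
}
```

The scenario in `main` is exactly the one the advisory describes: a flow started by an active admin, deactivation before the code is redeemed, then a token request. A practical audit rule follows from it: every point that mints or accepts a credential must read the account's current state, not a snapshot taken when the flow began.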
