VYPR
Low severityNVD Advisory· Published Jan 2, 2024· Updated Jun 17, 2025

Lack of restriction to manage group names for freshly demoted guests

CVE-2023-50333

Description

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
< 8.1.78.1.7

Affected products

41

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.