Missing Authorization Affecting github.com/mattermost/mattermost-server/app package, versions >=7.8.0 <7.8.5>=7.9.0 <7.9.4>=7.10.0 <7.10.1


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.06% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERAPP-5711913
  • published18 Jun 2023
  • disclosed18 Jun 2023
  • creditwhitehattushu

Introduced: 18 Jun 2023

CVE-2023-2788  (opens in a new tab)
CWE-862  (opens in a new tab)

How to fix?

Upgrade github.com/mattermost/mattermost-server/app to version 7.8.5, 7.9.4, 7.10.1 or higher.

Overview

github.com/mattermost/mattermost-server/app is an open source Slack-alternative in Golang and React.

Affected versions of this package are vulnerable to Missing Authorization for deactivated admin user accounts, which remain active after an oauth2 flow is started, allowing such users to retain access by obtaining an oauth2 access token after the account has been deactivated.

CVSS Scores

version 3.1