CVE-2023-2193

Summary

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.1.7affected
MattermostMattermost0 <= 7.7.3affected
MattermostMattermost0 <= 7.8.2affected
MattermostMattermost0 <= 7.9.1affected
MattermostMattermost7.10unaffected
MattermostMattermost7.9.3unaffected
MattermostMattermost7.8.4unaffected
MattermostMattermost7.7.5unaffected
MattermostMattermost7.1.9unaffected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References