CVE-2023-2515

Summary

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.1.7affected
MattermostMattermost0 <= 7.7.3affected
MattermostMattermost0 <= 7.8.2affected
MattermostMattermost0 <= 7.9.1affected
MattermostMattermost7.1.8unaffected
MattermostMattermost7.7.4unaffected
MattermostMattermost7.8.3unaffected
MattermostMattermost7.9.2unaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References