CVE-2023-4107

Summary

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.8.7affected
MattermostMattermost0 <= 7.9.5affected
MattermostMattermost0 <= 7.10.3affected
MattermostMattermost7.8.8unaffected
MattermostMattermost7.9.6unaffected
MattermostMattermost7.10.4unaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References