Vulnerabilities > CVE-2023-2515 - Incorrect Authorization vulnerability in Mattermost Server

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mattermost
CWE-863

Summary

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

Vulnerable Configurations

Part Description Count
Application
Mattermost
652

Common Weakness Enumeration (CWE)