Mattermost fails to invalidate existing authorization... · CVE-2023-2193 · GitHub Advisory Database · GitHub

Mattermost fails to invalidate existing authorization...

Critical severity Unreviewed Published Apr 20, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

References

Published by the National Vulnerability Database

Apr 20, 2023

Published to the GitHub Advisory Database Apr 20, 2023

Last updated Apr 4, 2024