cvedb.io
CVE-2023-2788
MEDIUM · CVSS 6.2
EPSS exploitation probability: 0%
Published 2023-06-16T09:15:09.993 · Last modified 2026-06-17T05:53:26.567

Summary

Mattermost fails to check whether an admin user account is still active after an OAuth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.

Affected products

mattermost — mattermost


References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.