6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
25.1%
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attackerβs account is deactivated.
[
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "7.1.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.8.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "unaffected",
"version": "7.1.10"
},
{
"status": "unaffected",
"version": "7.8.5"
},
{
"status": "unaffected",
"version": "7.9.4"
},
{
"status": "unaffected",
"version": "7.10.1"
}
]
}
]