Описание
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
EPSS
Процентиль: 37%
0.00162
Низкий
Связанные уязвимости
CVSS3: 6.5
nvd
почти 3 года назад
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVSS3: 6.5
github
почти 3 года назад
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
EPSS
Процентиль: 37%
0.00162
Низкий