Description
Mattermost fails to properly invalidate personal access tokens upon user deactivation
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.
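The description above names two things a server can get wrong when a user is deactivated: the existing tokens are not revoked, and token validation never consults the owner's status. The following Go program, an added illustration that is not Mattermost's code and uses hypothetical types (User, PersonalAccessToken, Store) and constructed sample data, contrasts a validation path that trusts the token record alone with one that also checks the owner's active status, and shows a deactivation routine that revokes the user's tokens in the same operation.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed, hypothetical types for illustration; not Mattermost's own data model.
type User struct {
	ID       string
	DeleteAt int64 // 0 means active; a non-zero value is the deactivation time
}

type PersonalAccessToken struct {
	ID       string
	UserID   string
	IsActive bool
}

type Store struct {
	users  map[string]*User
	tokens map[string]*PersonalAccessToken
}

var (
	ErrInvalidToken    = errors.New("invalid or revoked token")
	ErrUserDeactivated = errors.New("token belongs to a deactivated user")
	ErrUnknownUser     = errors.New("unknown user")
)

func NewStore() *Store {
	return &Store{users: map[string]*User{}, tokens: map[string]*PersonalAccessToken{}}
}

func (s *Store) AddUser(id string) { s.users[id] = &User{ID: id} }

func (s *Store) IssueToken(tokenID, userID string) {
	s.tokens[tokenID] = &PersonalAccessToken{ID: tokenID, UserID: userID, IsActive: true}
}

// AuthenticateVulnerable models the weakness described in the advisory: it
// accepts any active token record without looking at the owner's status.
func (s *Store) AuthenticateVulnerable(tokenID string) (*User, error) {
	tok, ok := s.tokens[tokenID]
	if !ok || !tok.IsActive {
		return nil, ErrInvalidToken
	}
	u, ok := s.users[tok.UserID]
	if !ok {
		return nil, ErrInvalidToken
	}
	return u, nil
}

// AuthenticateFixed adds the missing check: a token is only valid while its
// owner is still active. This is defence in depth on top of revocation.
func (s *Store) AuthenticateFixed(tokenID string) (*User, error) {
	u, err := s.AuthenticateVulnerable(tokenID)
	if err != nil {
		return nil, err
	}
	if u.DeleteAt != 0 {
		return nil, ErrUserDeactivated
	}
	return u, nil
}

// MarkDeactivatedOnly flips the user's status but leaves tokens untouched,
// which is the state the affected versions leave behind.
func (s *Store) MarkDeactivatedOnly(userID string, now int64) error {
	u, ok := s.users[userID]
	if !ok {
		return ErrUnknownUser
	}
	u.DeleteAt = now
	return nil
}

// DeactivateUser is the complete fix: flip the status and revoke every token
// issued to that user in the same operation, so even the vulnerable
// validation path stops accepting them.
func (s *Store) DeactivateUser(userID string, now int64) error {
	if err := s.MarkDeactivatedOnly(userID, now); err != nil {
		return err
	}
	for _, tok := range s.tokens {
		if tok.UserID == userID {
			tok.IsActive = false
		}
	}
	return nil
}

func main() {
	s := NewStore()
	s.AddUser("alice") // constructed sample user
	s.IssueToken("tok-1", "alice")
	_ = s.MarkDeactivatedOnly("alice", 1700000000000)
	_, errV := s.AuthenticateVulnerable("tok-1")
	_, errF := s.AuthenticateFixed("tok-1")
	fmt.Println("vulnerable path after deactivation:", errV) // nil: still accepted
	fmt.Println("fixed path after deactivation:", errF)      // rejected
}
```

Both checks belong in a real fix: revoking tokens at deactivation time closes the window for already-issued tokens, and checking the owner's status at validation time protects against any revocation path that was missed.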
Packages
Package                                       Affected versions                          Fixed in
github.com/mattermost/mattermost/server/v8    >= 10.7.0-rc1, < 10.7.1                    10.7.1
github.com/mattermost/mattermost/server/v8    >= 10.6.0-rc1, < 10.6.3                    10.6.3
github.com/mattermost/mattermost/server/v8    >= 10.0.0-rc1, < 10.5.4                    10.5.4
github.com/mattermost/mattermost/server/v8    >= 9.0.0-rc1, < 9.11.13                    9.11.13
github.com/mattermost/mattermost/server/v8    < 8.0.0-20250402193107-65343f84a783        8.0.0-20250402193107-65343f84a783
Related vulnerabilities
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5 ...