Описание
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mattermost:mattermost:7.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:7.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:7.9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00118
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-862
CWE-862
Связанные уязвимости
CVSS3: 6.5
debian
около 2 лет назад
Mattermost fails to invalidate existing authorization codes when deaut ...
CVSS3: 6.5
github
около 2 лет назад
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
EPSS
Процентиль: 32%
0.00118
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-862
CWE-862