CVE-2023-2193

MEDIUM

Mattermost - Missing Authorization via OAuth2 App Deauthorization

Title source: llm

Description

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

References (1)

Core 1

Core References

Vendor Advisory

https://mattermost.com/security-updates/

Scores

CVSS v3 6.5

EPSS 0.0027

EPSS Percentile 50.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-862

Status published

Products (4)

mattermost/mattermost 7.1.7

mattermost/mattermost 7.7.3

mattermost/mattermost 7.8.2

mattermost/mattermost 7.9.1

Published Apr 20, 2023

Tracked Since Feb 18, 2026