Mattermost · Mattermost · CVE-2026-6334
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 11.5.0 through 11.5.1
Mattermost versions 10.11.0 through 10.11.13
**Description**
An issue exists in the OAuth authorization code redemption flow where client identity binding is not enforced. This allows an authenticated OAuth client to redeem authorization codes issued to a different client by using a crafted token exchange request.
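The client binding check described above, as an added Go example that is not Mattermost's code: a token endpoint redemption step that ties each authorization code to the client it was issued to, as RFC 6749 section 4.1.3 requires. The `codeStore` type, its field names and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// authCode is the server-side record written when a code is issued
// (hypothetical model, not Mattermost's schema).
type authCode struct {
	ClientID    string // client the code was issued to
	RedirectURI string
	UserID      string
	Expires     time.Time
}

// ErrInvalidGrant mirrors the OAuth "invalid_grant" error for every failure.
var ErrInvalidGrant = errors.New("invalid_grant")

// codeStore is a hypothetical in-memory store keyed by the code value.
type codeStore map[string]authCode

// Redeem exchanges a code for the user it represents. authedClientID is the
// client that already authenticated to the token endpoint.
func (s codeStore) Redeem(code, authedClientID, redirectURI string, now time.Time) (string, error) {
	rec, ok := s[code]
	if !ok {
		return "", ErrInvalidGrant
	}
	// Design choice in this example: consume the code on any attempt, so a
	// mismatched redemption also invalidates it (codes are single use).
	delete(s, code)
	if now.After(rec.Expires) {
		return "", ErrInvalidGrant
	}
	// Client binding: without this comparison, any authenticated client
	// could redeem a code issued to a different client.
	if rec.ClientID != authedClientID || rec.RedirectURI != redirectURI {
		return "", ErrInvalidGrant
	}
	return rec.UserID, nil
}

func main() {
	now := time.Now()
	s := codeStore{"code-1": {ClientID: "client-a", RedirectURI: "https://a.example/cb",
		UserID: "user-1", Expires: now.Add(time.Minute)}} // constructed sample
	_, err := s.Redeem("code-1", "client-b", "https://a.example/cb", now)
	fmt.Println("client-b redeeming client-a's code:", err)
}
```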
**Recommendations**
Update versions 11.5.0 through 11.5.1 to a version later than 11.5.1.
Update versions 10.11.0 through 10.11.13 to a version later than 10.11.13.