PT-2024-13907 · Mattermost · Mattermost

Leandro Chaves · Published 2024-01-02 · Updated 2024-06-28 · CVE-2023-50333

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions prior to v8.1.7

Description

The issue arises when a user is demoted to a guest, and the system fails to update the permissions of the current session, allowing these freshly demoted guests to change group names.

Recommendations

For versions prior to v8.1.7, update to version v8.1.7 or later to resolve the issue. As a temporary workaround, consider restricting the ability of demoted guests to change group names until a patch is available.
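
The stale-session condition from the Description, modeled as an added Go example (not Mattermost's code and not part of the original entry). The `Store`, `Session` and role names are hypothetical, and the example assumes members may rename groups while guests may not.

```go
package main

import "fmt"

// Hypothetical model (not Mattermost code): the role is copied into the session at login.
type Session struct{ UserID, Role string }

type Store struct {
	roles    map[string]string   // userID -> current role
	sessions map[string]*Session // token -> session
}

func NewStore() *Store { return &Store{roles: map[string]string{}, sessions: map[string]*Session{}} }

func (s *Store) Login(userID, role, token string) {
	s.roles[userID] = role
	s.sessions[token] = &Session{UserID: userID, Role: role}
}

// DemoteStale updates only the user record; live sessions keep the old role.
func (s *Store) DemoteStale(userID string) { s.roles[userID] = "guest" }

// DemoteAndRevoke also drops the user's sessions, forcing a fresh login.
func (s *Store) DemoteAndRevoke(userID string) {
	s.roles[userID] = "guest"
	for tok, sess := range s.sessions {
		if sess.UserID == userID {
			delete(s.sessions, tok)
		}
	}
}

// CanRenameGroupCached trusts the role snapshot taken at login (the flawed check).
func (s *Store) CanRenameGroupCached(token string) bool {
	sess, ok := s.sessions[token]
	return ok && sess.Role != "guest"
}

// CanRenameGroupFresh re-reads the current role on every request.
func (s *Store) CanRenameGroupFresh(token string) bool {
	sess, ok := s.sessions[token]
	return ok && s.roles[sess.UserID] != "guest"
}

func main() {
	s := NewStore()
	s.Login("u1", "member", "tok1") // constructed sample values
	s.DemoteStale("u1")
	fmt.Println(s.CanRenameGroupCached("tok1"), s.CanRenameGroupFresh("tok1")) // true false
}
```

Either mitigation closes the gap: revoking sessions when a role changes, or authorizing against the current role rather than the session snapshot.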

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BIT-MATTERMOST-2023-50333
CVE-2023-50333
GHSA-9W97-9RQX-8V4J
GO-2024-2444

Affected Products

Mattermost