CVE-2023-50333

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 2, 2024
Updated: Jan 8, 2024
CWE ID 284

Summary

CVE-2023-50333: Mattermost fails to update a user's session permissions when that user is demoted to guest status, so a freshly demoted guest can still modify group names. This could lead to unauthorized changes to group settings. Organizations using Mattermost are advised to apply the necessary patch to mitigate this issue and prevent misuse of this oversight.
