Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

Vulnerable Product |
---|
mattermost mattermost 7.1.7 |
mattermost mattermost 7.7.3 |
mattermost mattermost 7.8.2 |
mattermost mattermost 7.9.1 |