OAuth2 Authorization Code Invalidation Vulnerability in Mattermost

CVE-2023-2193 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
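
The flaw and its fix, as an added example that is not Mattermost's code: an in-memory store where `Deauthorize` with `purgeCodes` set to false revokes access tokens but leaves pending authorization codes redeemable, and with `purgeCodes` set to true deletes them as well. The `Store` and `grant` types, the method names and the sample values are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// grant ties one user to one OAuth2 app. Hypothetical types, not Mattermost's.
type grant struct{ ClientID, UserID string }
type Store struct{ codes, tokens map[string]grant }

func NewStore() *Store { return &Store{map[string]grant{}, map[string]grant{}} }

func (s *Store) Authorize(clientID, userID, code string) { s.codes[code] = grant{clientID, userID} }

// Deauthorize revokes the app's tokens; purgeCodes=false leaves codes valid (the flaw).
func (s *Store) Deauthorize(clientID, userID string, purgeCodes bool) {
	g := grant{clientID, userID}
	for t, owner := range s.tokens {
		if owner == g {
			delete(s.tokens, t)
		}
	}
	for c, owner := range s.codes {
		if purgeCodes && owner == g {
			delete(s.codes, c)
		}
	}
}

// Exchange redeems a single-use authorization code for an access token.
func (s *Store) Exchange(clientID, code string) (string, error) {
	g, ok := s.codes[code]
	delete(s.codes, code) // single use, even on a failed attempt
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil || !ok || g.ClientID != clientID {
		return "", fmt.Errorf("invalid_grant")
	}
	s.tokens[hex.EncodeToString(buf)] = g
	return hex.EncodeToString(buf), nil
}

func main() {
	s := NewStore()
	s.Authorize("app-1", "alice", "constructed-code") // constructed sample values
	s.Deauthorize("app-1", "alice", true)             // pass false to reproduce the flaw
	fmt.Println(s.Exchange("app-1", "constructed-code"))
}
```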