Vulnerability Information
Vulnerability Title
OAuth authorization codes do not expire when deauthorizing an OAuth2 app
Vulnerability Description
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Missing Authorization
Vulnerability Title
Mattermost Security Vulnerability
Vulnerability Description
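Mattermost is an open-source collaboration platform from the US company Mattermost. Mattermost contains a security vulnerability that stems from existing authorization codes not being invalidated when an OAuth2 application is deauthorized, allowing an attacker who holds an authorization code to generate an access token.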
CVSS Information
N/A
Vulnerability Type
N/A