What the vulnerability does
01Description
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
CVE-2023-5194
LOW
CVE-2023-5194: A system/user manager can demote / deactivate another manager
CVSS base score
2.7/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Key dates
02Disclosure timeline
September 29, 2023
CVE published
September 5, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account
CVE-2024-38869 Incorrect Authorization
CVE-2026-21621 Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access
CVE-2025-66005 Lack of Authentication in the InputManager D-Bus interface
CVE-2024-31441 Arbitrary File Reading in DataEase
