What the vulnerability does
01Description
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
CVE-2023-5195
MEDIUM
CVE-2023-5195: A team member can soft delete other teams that they are not part of
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Key dates
02Disclosure timeline
September 29, 2023
CVE published
September 5, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API
CVE-2021-24851 Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
CVE-2022-1401 Insufficient validation of provided paths in Exago WrImageResource.axd
CVE-2023-4107 Incorrect authorization allows a user manager to update a system admin
CVE-2026-25568 WeKan < 8.19 allowPrivateOnly Setting Enforcement Bypass
