CVE-2023-4107 Information

Description

Mattermost fails to properly validate the requesting user permissions when updating a system admin allowing a user manager to update a system admin’s details such as email first name and last name.

Reference

https://mattermost.com/security-updates