Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
{ "severity": "High", "cpes": [ "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*" ] }