Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager CreditsPyae Phyo (pyae_phyo)Referenceshttps://mattermost.com/security-updates