CVE-2023-5194

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager

Credits

Pyae Phyo (pyae_phyo)

References