CVE-2023-4478

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://mattermost.com/security-updates - Vendor Advisory () https://mattermost.com/security-updates - Vendor Advisory
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 4.3

31 Aug 2023, 17:44

Type Values Removed Values Added
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*
References (MISC) https://mattermost.com/security-updates - (MISC) https://mattermost.com/security-updates - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.2
First Time Mattermost mattermost Server
Mattermost
CWE CWE-74

25 Aug 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-25 10:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4478

Mitre link : CVE-2023-4478

CVE.ORG link : CVE-2023-4478


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')