Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Aug 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://mattermost.com/security-updates - Vendor Advisory | |
CWE | CWE-74 | |
CPE | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:* |
|
First Time |
Mattermost mattermost Server
Mattermost |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
25 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-25 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4478
Mitre link : CVE-2023-4478
CVE.ORG link : CVE-2023-4478
JSON object : View
Products Affected
mattermost
- mattermost_server
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')