Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
https://mattermost.com/security-updates | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://mattermost.com/security-updates - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
31 Aug 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:* |
|
References | (MISC) https://mattermost.com/security-updates - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
First Time |
Mattermost mattermost Server
Mattermost |
|
CWE | CWE-74 |
25 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-25 10:15
Updated : 2024-11-21 08:35
NVD link : CVE-2023-4478
Mitre link : CVE-2023-4478
CVE.ORG link : CVE-2023-4478
JSON object : View
Products Affected
mattermost
- mattermost_server
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')