CVE-2023-4478

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*

History

31 Aug 2023, 17:44

Type Values Removed Values Added
References (MISC) https://mattermost.com/security-updates - (MISC) https://mattermost.com/security-updates - Vendor Advisory
CWE CWE-74
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*
First Time Mattermost mattermost Server
Mattermost
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.2

25 Aug 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-25 10:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4478

Mitre link : CVE-2023-4478

CVE.ORG link : CVE-2023-4478


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')