CVE-2023-5968
Published 2023-11-06
CVE-2023-5968: Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
Priority: P4 · 23 · Medium · 4.9 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.51% (39.7th percentile)
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 5.3.2-0.20230825233148-f787fd63368a | 5.3.2-0.20230825233148-f787fd63368a |
| github.com | mattermost_mattermost-server_v5 | >= 0 < 5.3.2-0.20230825233148-f787fd63368a | 5.3.2-0.20230825233148-f787fd63368a |
| github.com | mattermost_mattermost-server_v6 | >= 0 < 5.3.2-0.20230825233148-f787fd63368a | 5.3.2-0.20230825233148-f787fd63368a |
| github.com | mattermost_mattermost-server_v6 | >= 5.4.0-rc1 < 7.8.12 | 7.8.12 |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20230825233148-f787fd63368a | 8.0.0-20230825233148-f787fd63368a |
| github.com | mattermost_mattermost_server_v8 | >= 8.0.0 < 8.0.4 | 8.0.4 |
| github.com | mattermost_mattermost_server_v8 | >= 8.1.0 < 8.1.3 | 8.1.3 |
| github.com | mattermost_mattermost_server_v8 | >= 9.0.0 < 9.0.1 | 9.0.1 |
| mattermost | mattermost | <= 7.8.11 | — |
| mattermost | mattermost | — | — |
| mattermost | mattermost | 8.0.0 – 8.0.3 | — |
| mattermost | mattermost | 8.1.0 – 8.1.2 | — |
GHSA · 2023-11-06
CVE-2023-5968 [MEDIUM] CWE-116: Mattermost password hash disclosure vulnerability
OSV · 2023-11-06
CVE-2023-5968 [MEDIUM]: Mattermost password hash disclosure vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.