CVE-2023-5968

Mattermost password hash disclosure vulnerability in go/github.com/mattermost/mattermost-server/v6

Identifiers

GHSA-r67m-mf7v-qp7j, CVE-2023-5968

Package Slug

go/github.com/mattermost/mattermost-server/v6

Vulnerability

Mattermost password hash disclosure vulnerability

Description

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 
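
The bug class described above, shown as an added Go example that is not Mattermost's code: the `User` type, both update functions and `leaksSecret` are hypothetical, and the hash is a constructed sample. It contrasts serializing the stored record directly with serializing a sanitized copy, and includes a response-body check that can serve as a regression test.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// User is a hypothetical stand-in for a stored user record (not Mattermost's model).
type User struct {
	ID       string `json:"id"`
	Username string `json:"username"`
	Password string `json:"password,omitempty"` // stored password hash
}

// Sanitized returns a copy with secret fields cleared, safe to send to a client.
func (u User) Sanitized() User {
	u.Password = ""
	return u
}

// updateUsernameUnsafe shows the flaw: the stored record is serialized as-is.
func updateUsernameUnsafe(stored *User, name string) ([]byte, error) {
	stored.Username = name
	return json.Marshal(stored)
}

// updateUsernameSafe serializes a sanitized copy; the stored hash is untouched.
func updateUsernameSafe(stored *User, name string) ([]byte, error) {
	stored.Username = name
	return json.Marshal(stored.Sanitized())
}

// leaksSecret reports whether a response body carries a password key or the hash.
func leaksSecret(body []byte, hash string) bool {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return true // unparseable body: fail closed
	}
	_, hasKey := fields["password"]
	return hasKey || strings.Contains(string(body), hash)
}

func main() {
	const hash = "$2a$10$CONSTRUCTED.SAMPLE.HASH" // constructed sample value
	u := &User{ID: "u1", Username: "alice", Password: hash}
	before, _ := updateUsernameUnsafe(u, "alice2")
	after, _ := updateUsernameSafe(u, "alice3")
	fmt.Println(leaksSecret(before, hash), leaksSecret(after, hash))
}
```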

Affected Versions

All versions before 7.8.12

Solution

Upgrade to version 7.8.12 or above.

Last Modified

2023-11-09
