GHSA-r67m-mf7v-qp7j, CVE-2023-5968
go/github.com/mattermost/mattermost-server/v6
Mattermost password hash disclosure vulnerability
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
All versions before 7.8.12
Upgrade to version 7.8.12 or above.
2023-11-09
source |