CVE-2023-5968
Mattermost password hash disclosure vulnerability in go/github.com/mattermost/mattermost/server/v8
Identifiers
GHSA-r67m-mf7v-qp7j, CVE-2023-5968
Package Slug
go/github.com/mattermost/mattermost/server/v8
Vulnerability
Mattermost password hash disclosure vulnerability
Description
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
Affected Versions
All versions starting from 8.0.0 before 8.0.4, all versions starting from 8.1.0 before 8.1.3, version 9.0.0
Solution
Upgrade to versions 8.0.4, 8.1.3, 9.0.1 or above.
Last Modified
2023-11-09
| source |