CVE-2023-5968: Mattermost password hash disclosure vulnerability
(updated )
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
References
- github.com/advisories/GHSA-r67m-mf7v-qp7j
- github.com/mattermost/mattermost
- github.com/mattermost/mattermost/commit/698f4a97da564e2c1f2bf1fbd01755cefa3b7881
- github.com/mattermost/mattermost/pull/24362
- github.com/mattermost/mattermost/pull/24566
- mattermost.com/security-updates
- nvd.nist.gov/vuln/detail/CVE-2023-5968
Code Behaviors & Features
Detect and mitigate CVE-2023-5968 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →