CVE-2023-47865: Improper Access Control

November 27, 2023 (updated November 28, 2023)

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled

References

github.com/advisories/GHSA-jj46-9cgh-qmfx
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-47865

Code Behaviors & Features

Detect and mitigate CVE-2023-47865 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →