CVE-2023-5968: Mattermost password hash disclosure vulnerability

November 6, 2023 (updated November 8, 2023)

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

References

github.com/advisories/GHSA-r67m-mf7v-qp7j
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-5968

Detect and mitigate CVE-2023-5968 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →