CVE-2023-5968

EPSS 0.14%
Veröffentlicht 06.11.2023 16:15:42
Zuletzt bearbeitet 21.11.2024 08:42:53
Quelle responsibledisclosure@mattermo
Teams Watchlist Login
Unerledigt Login

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Version <= 7.8.11

Mattermost ≫ Mattermost Version >= 8.0.0 <= 8.0.3

Mattermost ≫ Mattermost Version >= 8.1.0 <= 8.1.2

Mattermost ≫ Mattermost Version9.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.358

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
responsibledisclosure@mattermost.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5968

EUVD