Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-08-25T09:06:06.310Z
Updated: 2023-08-25T09:06:06.310Z
Reserved: 2023-08-22T11:45:27.863Z
Link: CVE-2023-4478
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-25T10:15:09.687
Modified: 2023-08-31T17:44:40.807
Link: CVE-2023-4478
JSON object: View
Redhat Information
No data.
CWE