CVE-2023-4478

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

Published: Aug 25, 2023
Updated: Sep 1, 2023
CVE: CVE-2023-4478
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
mattermost / mattermost_server	7.9.0	7.10.5
mattermost / mattermost_server	-	7.8.9
mattermost / mattermost_server	8.0.0	8.0.0.x

https://mattermost.com/security-updates

Vulnerability Database

CVE-2023-4478