CVE-2023-5968

Published: Nov 6, 2023
Updated: May 10, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-5968" target="_blank" rel="noopener"> CVE-2023-5968
GHSA: <a href="https://github.com/advisories/GHSA-r67m-mf7v-qp7j" target="_blank" rel="noopener"> GHSA-r67m-mf7v-qp7j
Severity: Low
Exploit:

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

CVSS v3:

CWEs:

Software	From	Fixed in
github.com/mattermost/mattermost-server/v6	-	7.8.12
github.com/mattermost/mattermost/server/v8	8.0.0	8.0.4
github.com/mattermost/mattermost/server/v8	8.1.0	8.1.3
github.com/mattermost/mattermost/server/v8	9.0.0	9.0.0.x
github.com/mattermost/mattermost/server/v8	9.0.0	9.0.1
mattermost / mattermost	-	7.8.11.x
mattermost / mattermost	8.0.0	8.0.3.x
mattermost / mattermost	8.1.0	8.1.2.x
mattermost / mattermost	9.0.0	9.0.0.x