Lucene search

GoogleOSV:CVE-2023-4478

HistoryAug 25, 2023 - 10:15 a.m.

CVE-2023-4478

2023-08-2510:15:09

Google

osv.dev

mattermost

signup

attacker

inactive users

security issue

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Mattermost fails to restrict which parameters’ values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

CPENameOperatorVersion
mattermosteq4.10.0-rc2
mattermosteq4.0.0
mattermosteq7.8.3
mattermosteq4.7.0-rc2
mattermosteq7.8.1
mattermosteq4.5.0-rc1
mattermosteqcloud-2022-08-10-1
mattermosteq4.4.0-rc1
mattermosteq4.3.0-rc1
mattermosteq5.1.0-rc3

Name	Operator	Version
mattermost	eq	4.10.0-rc2
mattermost	eq	4.0.0
mattermost	eq	7.8.3
mattermost	eq	4.7.0-rc2
mattermost	eq	7.8.1
mattermost	eq	4.5.0-rc1
mattermost	eq	cloud-2022-08-10-1
mattermost	eq	4.4.0-rc1
mattermost	eq	4.3.0-rc1
mattermost	eq	5.1.0-rc3

Rows per page:

1-10 of 1381

References

mattermost.com/security-updates

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2023-4478