Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
CPE | Name | Operator | Version |
---|---|---|---|
mattermost | le | 7.8.11 | |
mattermost | ge | 8.0.0 | |
mattermost | le | 8.0.3 | |
mattermost | ge | 8.1.0 | |
mattermost | le | 8.1.2 | |
mattermost | eq | 9.0.0 |