Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.28 views

Mattermost Server < 7.8.12 / 8.0.x < 8.0.4 / 8.1.x < 8.1.3 / 9.0.0 Multiple Vulnerabilities (MMSA-2023-00240) (MMSA-2023-00242) (MMSA-2023-00246)

The version of Mattermost Server running on the remote host is prior to 7.8.12, 8.0.x prior to 8.0.3, 8.1.x prior to 8.1.3 or 9.0.0. It is, therefore, affected by multiple vulnerabilities: - Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request...

5.3CVSS5.2AI score0.00531EPSS
Exploits0References4
NVD
NVD
added 2023/11/06 4:15 p.m.19 views

CVE-2023-5968

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9CVSS5.1AI score0.0051EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/06 3:35 p.m.28 views

CVE-2023-5968 Password hash in response body after username update

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9CVSS5.5AI score0.0051EPSS
Exploits0References1
CVE
CVE
added 2023/11/06 3:35 p.m.77 views

CVE-2023-5968

Mattermost: CVE-2023-5968 is a vulnerability where the server fails to properly sanitize the user object during username updates, causing the password hash to be included in the response body. Affected data exposure is limited to the password hash disclosure in responses per the available documen...

4.9CVSS5.1AI score0.0051EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder