Veracode Vulnerability Database: VERACODE:44167
Nov 07, 2023 - 6:32 a.m.

Sensitive Data Exposure

2023-11-07 06:32:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
mattermost
sensitive information
exposure
vulnerability
password hash

CVSS3: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.0005 Low (Percentile: 18.1%)

Mattermost is vulnerable to Sensitive Information Exposure. The vulnerability is due to the failure to properly sanitize the user object when updating the username, which results in the password hash being disclosed in the response body.
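
An illustration of this class of flaw, added here and not taken from Mattermost's code base: the `User` type, the `sanitized` helper, the handler and the sample record are all hypothetical. The handler returns the updated user object after a username change, and `responseLeaksHash` is a regression check that reports whether the stored hash appears in the response body.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User is a hypothetical account record, not Mattermost's model.
type User struct {
	ID       string `json:"id"`
	Username string `json:"username"`
	Password string `json:"password,omitempty"` // stored password hash
}

// sanitized returns a copy with secret fields cleared before serialization.
func sanitized(u User) User {
	u.Password = ""
	return u
}

// Constructed sample record; the hash value is a placeholder.
var stored = User{ID: "u1", Username: "alice", Password: "$2a$10$CONSTRUCTED.PLACEHOLDER.HASH"}

// updateUsername builds the handler; sanitize=false reproduces the flaw class.
func updateUsername(sanitize bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		u := stored // copy, as if loaded from the database
		u.Username = r.URL.Query().Get("username")
		if sanitize {
			u = sanitized(u)
		}
		json.NewEncoder(w).Encode(u)
	}
}

// responseLeaksHash reports whether the stored hash appears in the response body.
func responseLeaksHash(h http.Handler) bool {
	req := httptest.NewRequest(http.MethodPut, "/users/u1?username=alice2", nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return strings.Contains(rec.Body.String(), stored.Password)
}

func main() {
	fmt.Println("unsanitized leaks:", responseLeaksHash(updateUsername(false)))
	fmt.Println("sanitized leaks:  ", responseLeaksHash(updateUsername(true)))
}
```

Running the same check against every endpoint that returns a user object catches a handler that skips the sanitizing step.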