CVE-2023-4478
- Source
- https://cve.org/CVERecord?id=CVE-2023-4478
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4478.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-4478
- Aliases
- Published
- 2023-08-25T10:15:09.687Z
- Modified
- 2026-04-10T05:03:08.846392Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
- References
Affected packages
Git / github.com/mattermost/mattermost-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "7.8.9" }, { "introduced": "7.9.0" }, { "fixed": "7.10.5" }, { "introduced": "0" }, { "last_affected": "8.0.0" } ] }
Affected versions
Other
cloud-2022-07-20-1
cloud-2022-08-10-1
cloud-2022-09-08-1
cloud-2022-10-06-1
cloud-2022-11-11-1
cloud-2022-11-24-1
cloud-2023-01-26-1
cloud-2023-03-29-1
cloud-2023-06-26-1
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v7.*
v7.10.0
v7.10.1
v7.10.2
v7.10.3
v7.10.4
v7.8.0
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.8.5
v7.8.6
v7.8.7
v7.8.8
v8.*
v8.0.0