CVE-2023-4478

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-4478

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4478.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4478

Aliases

BIT-mattermost-2023-4478

Published

2023-08-25T10:15:09.687Z

Modified

2026-02-05T09:14:32.551417Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Fixed

6c6da2672849c1f0ca41efec67bea8391615cd69

Introduced

c4d8c1450ab2b9538bbc2690ca1ee865567a5888

Fixed

9aba21e291dbfc44b1b715a1f24259ae937725db

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4478.json"