Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2023-08-25T09:06:06.310Z
Updated: 2024-08-02T07:31:05.857Z
Reserved: 2023-08-22T11:45:27.863Z
Link: CVE-2023-4478
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-25T10:15:09.687
Modified: 2023-08-31T17:44:40.807
Link: CVE-2023-4478
Redhat
No data.