CVE-2023-5968 - Vulnerability Details - OpenCVE

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00144.

Key SSVC decision points have not yet been added.

Vendors	Products
Mattermost	Mattermost

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost::::::::
	cpe:2.3:a:mattermost:mattermost:9.0.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-3022	Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
Github GHSA	GHSA-r67m-mf7v-qp7j	Mattermost password hash disclosure vulnerability

Fixes

Solution

Update Mattermost Server to versions 7.8.12, 8.0.4, 8.1.3, 9.0.1 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://mattermost.com/security-updates

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2023-11-06T15:35:14.094Z

Updated: 2024-09-12T19:26:46.796Z

Reserved: 2023-11-06T15:28:44.101Z

Link: CVE-2023-5968

Vulnrichment

Updated: 2024-08-02T08:14:25.131Z

NVD

Status : Modified

Published: 2023-11-06T16:15:42.897

Modified: 2024-11-21T08:42:53.130

Link: CVE-2023-5968

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5968", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2023-11-06T15:28:44.101Z", "datePublished": "2023-11-06T15:35:14.094Z", "dateUpdated": "2024-09-12T19:26:46.796Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "7.8.11", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "8.0.3", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "8.1.2", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "9.0.0", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "unaffected", "version": "7.8.12"}, {"status": "unaffected", "version": "8.0.4"}, {"status": "unaffected", "version": "8.1.3"}, {"status": "unaffected", "version": "9.0.1"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Juho Nurminen"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. </p>"}], "value": "Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.\u00a0\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-06T15:35:14.094Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost Server to versions <span style=\"background-color: rgb(255, 255, 255);\">7.8.12, <span style=\"background-color: rgb(255, 255, 255);\">8.0.4, </span></span>8.1.3, 9.0.1 or higher.</p>"}], "value": "Update Mattermost Server to versions\u00a07.8.12,\u00a08.0.4,\u00a08.1.3, 9.0.1 or higher.\n\n"}], "source": {"advisory": "MMSA-2023-00242", "defect": ["https://mattermost.atlassian.net/browse/MM-54225"], "discovery": "INTERNAL"}, "title": "Password hash in response body after username update", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.131Z"}, "title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T13:24:21.546464Z", "id": "CVE-2023-5968", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:26:46.796Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.131Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T13:24:21.546464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:26:37.742Z"}}], "cna": {"title": "Password hash in response body after username update", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-54225"], "advisory": "MMSA-2023-00242", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Juho Nurminen"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.8.11"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.0.3"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.1.2"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.0.0"}, {"status": "unaffected", "version": "7.8.12"}, {"status": "unaffected", "version": "8.0.4"}, {"status": "unaffected", "version": "8.1.3"}, {"status": "unaffected", "version": "9.0.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Server to versions\u00a07.8.12,\u00a08.0.4,\u00a08.1.3, 9.0.1 or higher.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost Server to versions <span style=\"background-color: rgb(255, 255, 255);\">7.8.12, <span style=\"background-color: rgb(255, 255, 255);\">8.0.4, </span></span>8.1.3, 9.0.1 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.\u00a0\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. </p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2023-11-06T15:35:14.094Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5968", "state": "PUBLISHED", "dateUpdated": "2024-09-12T19:26:46.796Z", "dateReserved": "2023-11-06T15:28:44.101Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2023-11-06T15:35:14.094Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A8DD228-69E5-4BD3-8BF4-0BFDA61F9951", "versionEndIncluding": "7.8.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "154F3427-98C1-4D4F-BFA7-499E2FE8AEED", "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*", "matchCriteriaId": "19AC73DE-98C1-4653-BB69-C8ECB0E51D54", "versionEndIncluding": "8.1.2", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AEE8D64-761C-4223-B100-D5D6DFF8E331", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.\u00a0\n\n"}, {"lang": "es", "value": "Mattermost no sanitiza adecuadamente el objeto de usuario al actualizar el nombre de usuario, lo que hace que el hash de la contrase\u00f1a se incluya en el cuerpo de la respuesta."}], "id": "CVE-2023-5968", "lastModified": "2024-11-21T08:42:53.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-06T16:15:42.897", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}