CVE-2023-4478

HIGH8.2EPSS 0.37%

發布日:2024/3/6修改日:2025/4/3

描述

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

受影響套件(1)

Bitnami/mattermostfrom 0, < 7.8.9, >= 7.9.0, < 7.10.5 | >= 8.0.0, <= 8.0.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

參考連結(2)

WEBhttps://mattermost.com/security-updates
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-4478