Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
2023-11-06T16:15:42.897
2024-11-21T08:42:53.130
Modified
CVSSv3.1: 4.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mattermost | mattermost | ≤ 7.8.11 | Yes |
| Application | mattermost | mattermost | ≤ 8.0.3 | Yes |
| Application | mattermost | mattermost | ≤ 8.1.2 | Yes |
| Application | mattermost | mattermost | 9.0.0 | Yes |