CVE-2023-5968 — MEDIUM (4.9)

Q: What is CVE-2023-5968?

CVE-2023-5968 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

Q: How severe is CVE-2023-5968?

CVE-2023-5968 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5968?

Check the references section above for vendor advisories and patch information. Affected products include: Mattermost Mattermost.

Vulnerability Description

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mattermost	Mattermost	<= 7.8.11

Related Weaknesses (CWE)

CWE-116 CWE-200

References

https://mattermost.com/security-updatesVendor Advisory
https://mattermost.com/security-updatesVendor Advisory

FAQ

What is CVE-2023-5968?

CVE-2023-5968 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

How severe is CVE-2023-5968?

CVE-2023-5968 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5968?

Check the references section above for vendor advisories and patch information. Affected products include: Mattermost Mattermost.