Security
Headlines

Headlines Latest CVEs

Headline

GHSA-r67m-mf7v-qp7j: Mattermost password hash disclosure vulnerability

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.

12 months ago

#vulnerability #git #perl

Skip to content

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

GitHub Advisory Database
GitHub Reviewed
CVE-2023-5968

Mattermost password hash disclosure vulnerability

Moderate severity GitHub Reviewed Published Nov 6, 2023 to the GitHub Advisory Database • Updated Nov 8, 2023

Package

gomod github.com/mattermost/mattermost-server/v6 (Go)

Affected versions

< 7.8.12

gomod github.com/mattermost/mattermost/server/v8 (Go)

>= 8.0.0, < 8.0.4

>= 8.1.0, < 8.1.3

= 9.0.0

Description

Published to the GitHub Advisory Database

Nov 6, 2023

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

15 hours ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

15 hours ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

15 hours ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

18 hours ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

18 hours ago