CVE-2023-4478
CVSS 3.1 base score: 8.2 (HIGH)
EPSS: 0.37%
Description
Mattermost fails to restrict which parameters' values it accepts from the request during signup. This allows an attacker to register users as inactive, blocking them from later accessing Mattermost until a system admin activates their accounts.
How to fix CVE-2023-4478
To remediate CVE-2023-4478, upgrade the affected package to a fixed version below.
- Bitnami/mattermost: upgrade to 7.8.9 or later
Is CVE-2023-4478 being exploited?
Low. EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/mattermost: >= 0, < 7.8.9; >= 7.9.0, < 7.10.5; >= 8.0.0, <= 8.0.0
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |