CVE-2023-47865

Summary

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.3affected
MattermostMattermost0 <= 7.8.12affected
MattermostMattermost7.8.13unaffected
MattermostMattermost8.1.4unaffected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References