First published: Mon Jul 17 2023
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | >=7.8.0 <7.8.7 | |
Mattermost Mattermost Server | >=7.9.0 <7.9.5 | |
Mattermost Mattermost Server | >=7.10.0 <7.10.3 | |
Update Mattermost to versions v7.8.7, v7.9.5, v7.10.3 or higher.
The vulnerability ID for this Mattermost issue is CVE-2023-3591.
The title of this vulnerability is 'Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.'
CVE-2023-3591 has a severity rating of 8.2, which is considered high.
Mattermost Server versions from 7.8.0 up to but not including 7.8.7, from 7.9.0 up to but not including 7.9.5, and from 7.10.0 up to but not including 7.10.3 are affected by CVE-2023-3591.
To fix the vulnerability, update Mattermost Server to v7.8.7, v7.9.5, v7.10.3 or higher.
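
The flaw described above, reduced to a minimal token store as an added example (not Mattermost's code and not part of the original advisory). `TokenStore`, `Issue`, `Redeem` and the `invalidatePrior` switch are hypothetical names, and token expiry is left out to keep the focus on invalidating older tokens when a new one is issued.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// TokenStore is a hypothetical in-memory store, not Mattermost's code.
type TokenStore struct {
	tokens          map[string]string // reset token -> user ID
	invalidatePrior bool              // false reproduces the advisory's flaw
}

func NewTokenStore(invalidatePrior bool) *TokenStore {
	return &TokenStore{tokens: map[string]string{}, invalidatePrior: invalidatePrior}
}

// Issue creates a reset token; the fixed store first drops the user's older tokens.
func (s *TokenStore) Issue(userID string) (string, error) {
	for tok, owner := range s.tokens {
		if s.invalidatePrior && owner == userID {
			delete(s.tokens, tok)
		}
	}
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(buf)
	s.tokens[tok] = userID
	return tok, nil
}

// Redeem consumes a token (single use) and returns the user it was issued to.
func (s *TokenStore) Redeem(tok string) (string, bool) {
	userID, ok := s.tokens[tok]
	delete(s.tokens, tok)
	return userID, ok
}

func main() {
	for _, fixed := range []bool{false, true} {
		s := NewTokenStore(fixed)
		old, _ := s.Issue("alice") // constructed sample user
		s.Issue("alice")           // second reset request
		_, ok := s.Redeem(old)
		fmt.Println("invalidatePrior:", fixed, "old token accepted:", ok)
	}
}
```

A regression test for the patched behaviour asserts the same thing: after a second reset request for a user, the first token must no longer be redeemable, while tokens belonging to other users stay valid.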