What is CVE-2023-47865?

CVE-2023-47865 is a vulnerability in Mattermost that allows members to override the username and icon when posting a message, even when Hardened Mode is enabled.

How does CVE-2023-47865 impact Mattermost?

CVE-2023-47865 allows members to bypass the restrictions of Hardened Mode and override the username and icon when making a post.

What is the severity of CVE-2023-47865?

The severity of CVE-2023-47865 is medium with a CVSS score of 4.3.

Which versions of Mattermost are affected by CVE-2023-47865?

Mattermost versions 7.8.13 and earlier, as well as versions 8.1.4 and earlier, are affected by CVE-2023-47865.

How can I fix CVE-2023-47865 in Mattermost?

To fix CVE-2023-47865, update your Mattermost instance to version 7.8.14 or later, or version 8.1.5 or later.

Vulnerability/
CVE-2023-47865

medium

4.3

CWE

284

27/11/2023

2/8/2024

CVE-2023-47865: Username and Icon override can be used by members when Hardened Mode is enabled

First published: Mon Nov 27 2023(Updated: )

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled

Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com

Affected Software	Affected Version	How to fix
go/github.com/mattermost/mattermost-server/v6	<7.8.13	7.8.13
go/github.com/mattermost/mattermost/server/v8	<8.1.4	8.1.4
Mattermost Mattermost	<=7.8.12
Mattermost Mattermost	>=8.0.0<=8.1.3

Remedy

Update Mattermost Server to versions 7.8.13, 8.1.4 or higher.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-47865?
CVE-2023-47865 is a vulnerability in Mattermost that allows members to override the username and icon when posting a message, even when Hardened Mode is enabled.
How does CVE-2023-47865 impact Mattermost?
CVE-2023-47865 allows members to bypass the restrictions of Hardened Mode and override the username and icon when making a post.
What is the severity of CVE-2023-47865?
The severity of CVE-2023-47865 is medium with a CVSS score of 4.3.
Which versions of Mattermost are affected by CVE-2023-47865?
Mattermost versions 7.8.13 and earlier, as well as versions 8.1.4 and earlier, are affected by CVE-2023-47865.
How can I fix CVE-2023-47865 in Mattermost?
To fix CVE-2023-47865, update your Mattermost instance to version 7.8.14 or later, or version 8.1.5 or later.

collector/github-advisory-latest
alias/GHSA-jj46-9cgh-qmfx
alias/CVE-2023-47865
collector/nvd-api
collector/nvd-cve
collector/github-advisory
agent/author
agent/weakness
agent/tags
agent/event
agent/references
agent/severity
agent/title
agent/type
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
package-manager/go
vendor/mattermost
canonical/mattermost mattermost
version/mattermost mattermost/7.8.12
version/mattermost mattermost/8.0.0
version/mattermost mattermost/8.1.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.