CVE-2023-5160: Infoleak
First published: Mon Oct 02 2023(Updated: )
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost | >=7.0.0<7.8.10 | |
| Mattermost Mattermost | >=8.0.0<8.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Mattermost issue?
The vulnerability ID for this Mattermost issue is CVE-2023-5160.
What is the severity of CVE-2023-5160?
The severity of CVE-2023-5160 is medium with a severity value of 4.3.
How does Mattermost fail to check the Show Full Name option in this vulnerability?
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Which versions of Mattermost are affected by this vulnerability?
Versions 7.0.0 to 7.8.10 and versions 8.0.0 to 8.1.1 of Mattermost are affected by this vulnerability.
How can I fix CVE-2023-5160?
To fix CVE-2023-5160, you should update your Mattermost installation to a version that is not affected by this vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/mattermost
- canonical/mattermost mattermost
- version/mattermost mattermost/7.0.0
- version/mattermost mattermost/8.0.0