First published: Mon Oct 02 2023
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | >=7.0.0<7.8.10 | |
Mattermost Mattermost | >=8.0.0<8.1.1 | |
Update Mattermost Server to versions 7.8.10, 8.1.1 or higher.
The vulnerability ID for this Mattermost issue is CVE-2023-5160.
The severity of CVE-2023-5160 is medium with a severity value of 4.3.
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Mattermost versions from 7.0.0 up to but not including 7.8.10, and from 8.0.0 up to but not including 8.1.1, are affected by this vulnerability.
To fix CVE-2023-5160, update Mattermost Server to version 7.8.10, 8.1.1 or higher.
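A triage check for the affected ranges listed in the table, added here as an example (it is not code from SecAlerts or Mattermost). The host names and inventory are constructed, and treating anything other than a plain X.Y.Z version as "review manually" is an assumption of this example.

```python
import re

# Affected ranges from the advisory table: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [((7, 0, 0), (7, 8, 10)), ((8, 0, 0), (8, 1, 1))]

_PLAIN_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None for anything but plain X.Y.Z."""
    match = _PLAIN_VERSION.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(version):
    """True/False for a plain version, None when the string needs manual review."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Integer tuples compare numerically. Compared as strings, "7.8.9" sorts
    # after "7.8.10", so a vulnerable 7.8.9 server would be reported as fixed.
    return any(low <= parsed < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'review manually'."""
    labels = {True: "affected", False: "not affected", None: "review manually"}
    return {host: labels[is_affected(version)] for host, version in inventory.items()}


# Constructed inventory: hypothetical hosts and the server versions they report.
INVENTORY = {
    "chat-a.example.internal": "7.8.9",
    "chat-b.example.internal": "7.8.10",
    "chat-c.example.internal": "8.1.0",
    "chat-d.example.internal": "v8.1.1",
    "chat-e.example.internal": "8.1.1-rc1",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```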