{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T13:58:56.411","vulnerabilities":[{"cve":{"id":"CVE-2023-4478","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2023-08-25T10:15:09.687","lastModified":"2024-11-21T08:35:15.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.\n\n"},{"lang":"es","value":"Mattermost no restringe los valores de los parámetros que toma de la solicitud durante el registro, lo que permite a un atacante registrar a los usuarios como inactivos, bloqueándoles así el acceso posterior a Mattermost sin que el administrador del sistema active sus cuentas."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionEndExcluding":"7.8.9","matchCriteriaId":"7F550344-4A29-4354-9AB9-9E9168B81908"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.9.0","versionEndExcluding":"7.10.5","matchCriteriaId":"78A07BB1-20D2-41B4-9823-B3EF8CDFC997"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E47E76CA-0C92-4039-8448-D6618DF531CD"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]},{"url":"https://mattermost.com/security-updates","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}