Parameter tampering in the registration resulting in blocked accounts to be created

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

输出中的特殊元素转义处理不恰当(注入)

Mattermost 注入漏洞

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞，该漏洞源于无法限制在注册期间从请求中获取的参数值，允许攻击者将用户注册为非活动状态。

N/A

N/A