Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User creation date manipulation in POST /api/v4/users
Vulnerability Description
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.9.x版本至9.9.1版本、9.5.x版本至9.5.7版本、9.10.x版本至9.10.0版本和9.8.x版本至9.8.2版本存在安全漏洞,该漏洞源于未能限制接口中的输入,这允许用户篡改创建日期,从而欺骗管理员相信其账户已经存在了更长的时间。
CVSS Information
N/A
Vulnerability Type
N/A