GHSA-jj46-9cgh-qmfx

GitHub Security Advisory

Mattermost Improper Access Control vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Mattermost fails to check whether Hardened Mode is enabled when a post overrides the username and/or the icon. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post, even if the Hardened Mode setting was enabled.

Affected Packages

Go github.com/mattermost/mattermost/server/v8
Affected versions: 0 (fixed in 8.1.4)
Go github.com/mattermost/mattermost-server/v6
Affected versions: 0 (fixed in 7.8.13)

Key Information

GHSA ID: GHSA-jj46-9cgh-qmfx
Published: November 27, 2023 12:30 PM
Last Modified: November 28, 2023 8:50 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Go
Primary Package: github.com/mattermost/mattermost/server/v8
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.