User object sanitization vulnerability in Mattermost allows password hash exposure

CVE-2023-5968 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 
