{"id":"CVE-2023-5160","details":"Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled\n\n\n","modified":"2026-03-14T12:24:11.712011Z","published":"2023-10-02T11:15:50.813Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"70da7adaff636f074316d05e0b4408f0721eee7b"},{"fixed":"ccceee77061add55f4ff849d5505fdb3e46b30e2"},{"introduced":"90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7"},{"fixed":"69a5120ae293c9e6e3e1109bc3f02d7b659e60d9"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.8.10"},{"introduced":"8.0.0"},{"fixed":"8.1.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5160.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}