CVE-2023-1831
EUVD-2023-2403317.04.2023, 15:15
Mattermost fails to redact from audit logsĀ the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 𝑥 < 7.7.3 |
| mattermost | mattermost_server | 7.8.0 ≤ 𝑥 < 7.8.2 |
| mattermost | mattermost_server | 7.9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.