CVE-2023-1831
17.04.2023, 15:15
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 𝑥 < 7.7.3 |
| mattermost | mattermost_server | 7.8.0 ≤ 𝑥 < 7.8.2 |
| mattermost | mattermost_server | 7.9.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 𝑥 ≤ 7.7.2 | CNA |
| mattermost | mattermost | 𝑥 ≤ 7.8.1 | CNA |
| mattermost | mattermost | 𝑥 ≤ 7.9.0 | CNA |
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.