CVE-2023-1831

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:7.9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 7.2
References () https://mattermost.com/security-updates/ - Vendor Advisory () https://mattermost.com/security-updates/ - Vendor Advisory

Information

Published : 2023-04-17 15:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1831

Mitre link : CVE-2023-1831

CVE.ORG link : CVE-2023-1831


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-319

Cleartext Transmission of Sensitive Information