CVE-2023-1831

Mattermost fails to redact from audit logsĀ the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
References
Link Resource
https://mattermost.com/security-updates/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:7.9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-17 15:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-1831

Mitre link : CVE-2023-1831

CVE.ORG link : CVE-2023-1831


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-319

Cleartext Transmission of Sensitive Information

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor