CVE-2023-1831

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).

Published: Apr 17, 2023
Updated: Apr 27, 2023
CVE: CVE-2023-1831
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
mattermost / mattermost_server	7.9.0	7.9.0.x
mattermost / mattermost_server	7.8.0	7.8.2
mattermost / mattermost_server	-	7.7.3

https://mattermost.com/security-updates/

Vulnerability Database

CVE-2023-1831