Lucene search
Veracode Vulnerability DatabaseVERACODE:40590HistoryMay 19, 2023 - 4:07 a.m.
Password Disclosure
2023-05-1904:07:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
github
mattermost
server
vulnerability
password disclosure
audit logs
experimental
audit logging configuration
user passwords
user hashes
software
0.001 Low
EPSS
Percentile
43.0%
github.com/mattermost/mattermost-server is vulnerable to Password Disclosure. The vulnerability exists because the user passwords and user hashes were revealed in audit logs if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
References
github.com/mattermost/mattermost-server/commit/2e0b83e9e86eee88578f8e0a9bb8215aa13bb46a
github.com/mattermost/mattermost-server/commit/6bcbd64dca8fec945c7abb83ba58c7b68abffa86
github.com/mattermost/mattermost-server/commit/9494ba96c92128d57f9e332cefe9c4c24f2f14b9
github.com/mattermost/mattermost-server/commit/975848b862e33caa1b8ce4db752bea1f0f15e258
mattermost.com/security-updates
mattermost.com/security-updates/
Related
osv
osv
CVE-2023-2514
2023-05-12 09:15:10
cvelist
cvelist
CVE-2023-2514 DB username/password revealed in application logs
2023-05-12 08:56:56
nvd
nvd
CVE-2023-2514
2023-05-12 09:15:10
prion
prion
Design/Logic Flaw
2023-05-12 09:15:00
cve
cve
CVE-2023-2514
2023-05-12 09:15:10