Description
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 7.7.3 (excluding)
Version from 7.8.0 (including) up to 7.8.2 (excluding)
One of
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:7.9.0:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00095
Low
7.2 High
CVSS3
7.5 High
CVSS3
Weaknesses
CWE-200
CWE-319
Related vulnerabilities
CVSS3: 7.2
debian
almost 3 years ago
Mattermost fails to redact from audit logs the user password during use ...
CVSS3: 7.5
github
more than 2 years ago
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).