First published: Thu Dec 09 2021
Mattermost 6.0.2 and earlier fails to sufficiently sanitize the user's password in audit logs when user creation fails.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | <=6.0.2 | |
The vulnerability ID for this Mattermost vulnerability is CVE-2021-37861.
CVE-2021-37861 has a severity rating of 7.5 (High).
The affected software version for CVE-2021-37861 is Mattermost 6.0.2 and earlier.
The CWE ID for CVE-2021-37861 is CWE-532.
To fix CVE-2021-37861 in Mattermost, update to a version later than 6.0.2 that addresses the vulnerability.