First published: Mon Apr 17 2023
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost Server | <7.7.3 | |
Mattermost Mattermost Server | >=7.8.0 <7.8.2 | |
Mattermost Mattermost Server | =7.9.0 | |
Update Mattermost to version v7.7.3, v7.8.2, v7.9.1 or higher.
The vulnerability ID is CVE-2023-1831.
The title of the vulnerability is 'Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations'.
The affected software is Mattermost Server: versions before 7.7.3, versions from 7.8.0 up to but not including 7.8.2, and version 7.9.0.
CVE-2023-1831 has a severity value of 7.5 (high).
To fix the vulnerability, update your Mattermost Server to version 7.7.3, 7.8.2, 7.9.1 or higher, or apply the recommended security updates provided by Mattermost.
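
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or Mattermost's code: it walks JSON-lines audit records and reports where a password or hash field holds a non-empty value, without echoing the value itself. The record layout, the key names in `SENSITIVE_KEYS` and the sample lines are constructed assumptions, not Mattermost's documented audit schema.

```python
import json

# Key names treated as credential-bearing. Assumption for this example;
# adjust to the field names seen in your own audit output.
SENSITIVE_KEYS = {"password", "password_hash"}

def find_unredacted(node, path=""):
    """Yield the path of every sensitive key that holds a non-empty string."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SENSITIVE_KEYS and isinstance(value, str) and value:
                yield here
            else:
                yield from find_unredacted(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_unredacted(item, f"{path}[{i}]")

def scan_audit_lines(lines):
    """Return (line_number, field_path) pairs; the secret value is never returned."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line: nothing to inspect
        findings.extend((number, p) for p in find_unredacted(record))
    return findings

# Constructed sample records (not real Mattermost output).
SAMPLE = [
    '{"event": "createUser", "parameters": {"user": {"username": "alice", "password": "constructed-cleartext"}}}',
    '{"event": "patchUser", "parameters": {"user": {"username": "bob", "password": ""}}}',
    '{"event": "updateUser", "meta": {"changes": [{"username": "carol", "password": "$2a$10$constructedhash"}]}}',
    '{"event": "login", "parameters": {"login_id": "dave"}}',
]

if __name__ == "__main__":
    for number, field in scan_audit_lines(SAMPLE):
        print(f"line {number}: unredacted value at {field}")
```

Records flagged this way identify which log files, and any downstream copies of them, hold credentials that need access restriction and rotation.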