DB username/password revealed in application logs
CVE-2023-2514

7.5HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 12 May 2023

Summary

The Mattermost Server contains a vulnerability where sensitive database usernames and passwords are not properly redacted before being logged during server initialization. This weakness can lead to unauthorized access and potential exploitation by malicious actors who gain insight into sensitive application configuration details. It is crucial for organizations using Mattermost to apply the relevant patches and follow best practices for security to mitigate this risk.

Affected Version(s)

Mattermost 0 <= 7.1.7

Mattermost 0 <= 7.8.2

Mattermost 0 <= 7.9.1

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2023
Vulnerability Reserved
May 4, 2023

Credit

Stylianos Rigas