CVE-2023-1831
7.5
HIGH
CVSS 3.1
EPSS 0.16%
Description
Mattermost fails to redact the user password from audit logs during user creation, and the user password hash during other operations, when experimental audit logging is enabled (the ExperimentalAuditSettings section in config).
How to fix CVE-2023-1831
To remediate CVE-2023-1831, upgrade the affected package to a fixed version below.
- Bitnami/mattermost—upgrade to 7.7.3 or later
Is CVE-2023-1831 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.7.3 | >= 7.8.0, < 7.8.2 | >= 7.9.0, <= 7.9.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |