CVE-2021-37861

MEDIUM

Mattermost < 6.0.2 - Log Information Exposure

Title source: rule

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.

Core 1

Core References

Vendor Advisory x_refsource_misc

CVSS v3 5.8

EPSS 0.0041

EPSS Percentile 61.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-532

Status published

Products (1)

mattermost/mattermost < 6.0.2

Published Dec 09, 2021

Tracked Since Feb 18, 2026