CVE-2023-2514

MEDIUM

Mattermost < 7.1.7 - Sensitive Information Disclosure in Application Logs

Title source: llm
STIX 2.1

Description

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. 

References (1)

Core 1
Core References

Scores

CVSS v3 6.7
EPSS 0.0055
EPSS Percentile 41.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-532 CWE-200
Status published
Products (1)
mattermost/mattermost < 7.1.7
Published May 12, 2023
Tracked Since Feb 18, 2026