7.5
CVE-2023-2514
- EPSS 0.34%
- Published 12.05.2023 09:15:10
- Last modified 21.11.2024 07:58:45
- Source responsibledisclosure@mattermo
DB username/password revealed in application logs
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
Data provided by the National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Version <= 7.1.7
Mattermost ≫ Mattermost Version >= 7.7.0 <= 7.7.3
Mattermost ≫ Mattermost Version >= 7.8.0 <= 7.8.2
Mattermost ≫ Mattermost Version >= 7.9.0 <= 7.9.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.563 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| responsibledisclosure@mattermost.com | 6.7 | 1.2 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.