CVE-2023-2514

Summary

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. 

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 7.1.7affected
MattermostMattermost0 <= 7.7.3unaffected
MattermostMattermost0 <= 7.8.2affected
MattermostMattermost0 <= 7.9.1affected
MattermostMattermost7.1.8unaffected
MattermostMattermost7.7.4unaffected
MattermostMattermost7.8.3unaffected
MattermostMattermost7.9.2unaffected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References