2 matches found
Password Disclosure
github.com/mattermost/mattermost-server is vulnerable to Password Disclosure. The vulnerability exists because the user passwords and user hashes were revealed in audit logs if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...
Code injection
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...