github.com/mattermost/mattermost-server is vulnerable to Password Disclosure. The vulnerability exists because the user passwords and hashes are revealed in audit logs if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).