github.com/mattermost/mattermost-server is vulnerable to Password Disclosure. The vulnerability exists because the user passwords and user hashes were revealed in audit logs if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
github.com/mattermost/mattermost-server/commit/2e0b83e9e86eee88578f8e0a9bb8215aa13bb46a
github.com/mattermost/mattermost-server/commit/6bcbd64dca8fec945c7abb83ba58c7b68abffa86
github.com/mattermost/mattermost-server/commit/9494ba96c92128d57f9e332cefe9c4c24f2f14b9
github.com/mattermost/mattermost-server/commit/975848b862e33caa1b8ce4db752bea1f0f15e258
mattermost.com/security-updates
mattermost.com/security-updates/