ID CVE-2021-37861
Summary Mattermost 6.0.2 and earlier fails to sufficiently sanitize the user's password in audit logs when user creation fails.
Vulnerable Configurations
  • cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.2:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.21.2:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.22.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.22.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.22.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.22.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.23.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.23.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.23.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.23.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.24.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.24.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.25.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.25.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.25.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.25.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.2:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.26.2:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.27.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.27.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.27.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.27.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.28.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.28.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.29.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.29.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.30.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.30.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.30.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.30.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.2:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.31.2:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.2:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.32.2:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.33.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.33.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.33.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.33.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.34.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.34.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.34.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.34.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.35.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.35.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.35.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.35.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.36.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.36.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.37.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.37.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.38.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.38.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.38.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.38.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.39.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.39.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.40.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.40.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.41.0:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.41.0:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:1.41.1:*:*:*:*:android:*:*
  • cpe:2.3:a:mattermost:mattermost:1.41.1:*:*:*:*:iphone_os:*:*
  • cpe:2.3:a:mattermost:mattermost:5.34.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.35.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.35.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.35.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.38.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.38.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:5.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattermost:mattermost:6.0.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-12-2021 - 13:47)
Impact:
Exploitability:
CWE CWE-532
CAPEC
  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages, but by attempting a large number of message variants they may find a variant that triggers the desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
CVSS vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 13-12-2021 - 13:47
Published 09-12-2021 - 22:15
Last modified 13-12-2021 - 13:47