CyberSec.Space Logo
Back to CVE Browser

CVE-2017-18885

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile32.20th
PublishedJun 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.

Affected Platforms (CPE)

πŸ“¦
Mattermost

Mattermost Server

< 4.1.2
πŸ“¦
Mattermost

Mattermost Server

>= 4.2.0 and < 4.2.1
πŸ“¦
Mattermost

Mattermost Server

= 4.3.0
πŸ“¦
Mattermost

Mattermost Server

= 4.3.0
πŸ“¦
Mattermost

Mattermost Server

= 4.3.0
πŸ“¦
Mattermost

Mattermost Server

= 4.3.0

References & Advisories

πŸ”— https://mattermost.com/security-updates/
πŸ”— https://mattermost.com/security-updates/

Related Vulnerabilities

CVE-2016-110749.8

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.

CVE-2017-188889.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multip...

CVE-2018-212519.8

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not th...

CVE-2017-189009.8

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.