CVE-2017-18908

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile36.68th

PublishedJun 19, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.

Affected Platforms (CPE)

📦

Mattermost

Mattermost Server

< 3.9.2

📦

Mattermost

Mattermost Server

>= 3.10.0 and < 3.10.2

References & Advisories

🔗 https://mattermost.com/security-updates/

Related Vulnerabilities

CVE-2017-189009.8

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.

CVE-2017-188859.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing u...

CVE-2017-188889.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multip...

CVE-2017-189129.8

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a...