CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-18912

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile4.13th
Published2020年6月19日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.

Affected Platforms (CPE)

📦
Mattermost

Mattermost Server

< 3.6.7
📦
Mattermost

Mattermost Server

>= 3.7.0 and < 3.7.5
📦
Mattermost

Mattermost Server

>= 3.8.0 and < 3.8.2

References & Advisories

🔗 https://mattermost.com/security-updates/
🔗 https://mattermost.com/security-updates/

相關漏洞威脅

CVE-2017-189009.8

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.

CVE-2017-188859.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing u...

CVE-2017-188889.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multip...

CVE-2017-189089.8

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an att...