VDB
CVE-2017-18872
CVE-2017-18872
PUBLISHED
Reported by mitre · Published June 19, 2020
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| github.com | mattermost/mattermost-server | 4.4.0-rc1, 4.4.0-rc1, 0 |
| n/a | n/a | n/a, n/a, * |
Timeline
- Jun 19, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2017-18872 advisory
- https://github.com/advisories/GHSA-hgrp-fgm8-56g8 advisory
- https://github.com/mattermost/mattermost/commit/8f6bb1570dd234c63de5241eff9fbb268aad358c patch
- https://github.com/mattermost/mattermost url
- https://mattermost.com/security-updates url