CVE-2017-18906 — Vulnetix

CVE-2017-18906 PUBLISHED CVSS 8.100000381469727 HIGH

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.

EPSS 0.21% · 43.2th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.21%

43.2th percentile

Affected Products

Vendor	Product	Versions
github.com	mattermost/mattermost-server	3.10.0, 0, 3.10.0
n/a	n/a	*, n/a
mattermost	mattermost_server	3.10.0, 0, 3.10.0

Timeline

Jun 19, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 27, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Jan 7, 2023 EPSS Score

References

https://mattermost.com/security-updates/ url
https://nvd.nist.gov/vuln/detail/CVE-2017-18906 advisory
https://github.com/mattermost/mattermost/commit/259ad46f30d0fac2f7c5c14f3b76b2170f7e90c7 url
https://github.com/mattermost/mattermost/commit/b17fca0d5ee7557e3df1cf1d1da8bd749859e35f url
https://github.com/mattermost/mattermost/commit/fbc170733e86f09b46ba754dd03304733d2f482f url
https://github.com/mattermost/mattermost package
https://mattermost.com/security-updates url

Open in Interactive Console →