Incorrect permission assignment for critical resource in Mattermost Server - CVE-2017-18872

 


Published: June 19, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30219
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18872
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mattermost Server
Software vendor: Mattermost, Inc.

Description

The vulnerability allows a remote authenticated user to manipulate data.

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.


Remediation

Install the update from the vendor's website.
