Incorrect permission assignment for critical resource in Mattermost Server - CVE-2017-18870
Published: June 19, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34214
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18870
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mattermost, Inc.
Affected software:
Mattermost Server
Mattermost Server
Detailed vulnerability description
The vulnerability allows a remote authenticated user to manipulate data.
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
How to mitigate CVE-2017-18870
Install update from vendor's website.