Incorrect permission assignment for critical resource in Mattermost Server - CVE-2017-18870

 


Published: June 19, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34214
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18870
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mattermost Server
Software vendor:
Mattermost, Inc.

Description

The vulnerability allows a remote authenticated user to manipulate data.

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.


Remediation

Install the update from the vendor's website.
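
To check a deployment against the fixed releases listed in the description, the following added example (not part of the original advisory or of Mattermost's code) compares a server version with the fix on its own release branch and reports whether the admin-only integration restriction is switched on. It assumes the setting is stored as `ServiceSettings.EnableOnlyAdminIntegrations` in the server's `config.json`; the function names and the sample configuration are constructed for illustration.

```python
import json
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 3): (4, 3, 4), (4, 4): (4, 4, 5), (4, 5): (4, 5, 0)}


def parse_version(text):
    """Parse 'X.Y.Z' into a tuple; a suffix such as '-rc1' is ignored."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_text):
    """True if the version predates the fix on its own release branch."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch >= (4, 5):
        return False  # 4.5.0 and every later release carry the fix
    fixed = FIXED.get(branch)
    # Branches older than 4.3 have no fixed release listed in the advisory.
    return True if fixed is None else version < fixed


def triage(version_text, config_json):
    """Classify a server from its version and its config.json contents."""
    if not is_affected(version_text):
        return "fixed"
    settings = json.loads(config_json).get("ServiceSettings", {})
    # Assumed location of the setting named in the advisory.
    if settings.get("EnableOnlyAdminIntegrations", False):
        return "affected-restriction-enabled"
    return "affected-restriction-disabled"


# Constructed sample configuration, not taken from a real server.
SAMPLE_CONFIG = '{"ServiceSettings": {"EnableOnlyAdminIntegrations": true}}'

if __name__ == "__main__":
    for v in ("4.2.1", "4.3.3", "4.3.4", "4.4.4", "4.4.5", "4.5.0"):
        print(v, triage(v, SAMPLE_CONFIG))
```

A plain `version < 4.5.0` comparison would wrongly flag the patched 4.3.4 and 4.4.5 releases, which is why the check is done per branch.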
