#VU30176 Insufficient Session Expiration in Mattermost Server - CVE-2017-18905


Published: June 19, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30176
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-18905
CWE-ID: CWE-613
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mattermost Server
Software vendor: Mattermost, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2: when the server was used as an OAuth 2.0 service provider, session invalidation was mishandled.


Remediation

Install update from vendor's website.

External links